Bug 1181223 (CVE-2014-9527)

Summary: CVE-2014-9527 apache-poi: denial of service in HSLFSlideShow via corrupted PPT file
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acathrow, aileenc, alazarot, bdawidow, bmcclain, brms-jira, chazlett, cperry, dblechte, epp-bugs, etirelli, gvarsami, idith, jbpapp-maint, jcoleman, jolee, jpallich, jrusnack, kconner, ldimaggi, lpetrovi, lsurette, mbaluch, michal.skrivanek, mweiler, mwinkler, nwallace, Rhev-m-bugs, rrajasek, rwagner, rzhang, soa-p-jira, srevivo, tcunning, theute, tkirby, vhalbert, ykaul
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
See Also: https://issues.redhat.com/browse/ENTESB-5382
Whiteboard:
Fixed In Version: Apache POI 3.11 Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:37:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1327359, 1327347, 1327348, 1327349, 1327350, 1327351, 1327352, 1327353, 1327354, 1327355    
Bug Blocks: 1181227, 1335310, 1385169    

Description Martin Prpič 2015-01-12 16:00:17 UTC 
A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely.

Upstream Issue:

https://issues.apache.org/bugzilla/show_bug.cgi?id=57272

Upstream Fix:

https://svn.apache.org/viewvc?view=revision&revision=1643680
Comment 1 gil cattaneo 2015-02-14 16:52:23 UTC 
There are some problems to solve for upgrade Apache Poi to 3.11
#1, i have no idea what license they use these files, used by poi-ooxml* artefacts

http://www.ecma-international.org/publications/files/ECMA-ST/Office%20Open%20XML%201st%20edition%20Part%202%20(PDF).zip
http://dublincore.org/schemas/xmls/qdc/2003/04/02/dc.xsd
http://dublincore.org/schemas/xmls/qdc/2003/04/02/dcterms.xsd
http://dublincore.org/schemas/xmls/qdc/2003/04/02/dcmitype.xsd
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
http://uri.etsi.org/01903/v1.3.2/XAdES.xsd
http://uri.etsi.org/01903/v1.4.1/XAdESv141.xsd

#2 Apache Poi to 3.11 use xml-security 2.x, xml-security update would cause compatibility problems that for now prefer to avoid

regards
Comment 2 Tomas Hoger 2015-02-15 14:46:47 UTC 
Fixed In Version field of Security Response / vulnerability bugs is used to tracked information about what upstream version fixed specific flaws.
Comment 3 Fedora Update System 2015-02-23 07:59:28 UTC 
apache-poi-3.10.1-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 errata-xmlrpc 2016-05-26 19:25:32 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Data Virtualization security and bug fix update

Via RHSA-2016:1135 https://access.redhat.com/errata/RHSA-2016:1135