Moderate severityNVD Advisory· Published Mar 4, 2022· Updated Aug 3, 2024

A carefully crafted TNEF file can cause an out of memory exception

CVE-2022-26336

Description

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.poi:poi-scratchpadMaven	>= 3.8-beta1, < 5.2.1	5.2.1

Affected products

ghsa-coords
pkg:maven/org.apache.poi/poi-scratchpad
Range: >= 3.8-beta1, < 5.2.1
Apache Software Foundation/poi-scratchpadv5
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-mqvp-7rrg-9jxcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-26336ghsaADVISORY
lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09jghsaWEB
security.netapp.com/advisory/ntap-20221028-0006ghsaWEB
security.netapp.com/advisory/ntap-20221028-0006/mitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000