https://bz.apache.org/bugzilla/show_bug.cgi?id=65742
Bug ID: 65742
Summary: java.lang.IllegalStateException in
`org.apache.poi.xssf.usermodel.XSSFHyperlink.<init>::X
SSFHyperlink.java:76` poi 5.1.0
Product: POI
Version: 5.0.x-dev
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: XSSF
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
# java.lang.IllegalStateException in
`org.apache.poi.xssf.usermodel.XSSFHyperlink.<init>::XSSFHyperlink.java:76` poi
5.1.0
This vulnerability is of java.lang.IllegalStateException, and can be triggered
in latest version poi (5.1.0).
It is caused by invoking a method at an inappropriate time and can can be used
for attackers to launch DoS (Denial of Service) attack for any java program
that uses this library (since the user of metadata-extractor doesn't know they
need to catch this kind of exception) ( CWE-248: Uncaught exception).
Likely, the root cause of this crash is in
`org.apache.poi.xssf.usermodel.XSSFHyperlink.<init>::XSSFHyperlink.java:76`.
See more detail from the following crash stack.
# Crash stack:
The crash thread's stack is as follows:
```
org.apache.poi.xssf.usermodel.XSSFHyperlink.<init>::XSSFHyperlink.java:76
org.apache.poi.xssf.usermodel.XSSFSheet.initHyperlinks::XSSFSheet.java:239
org.apache.poi.xssf.usermodel.XSSFSheet.read::XSSFSheet.java:189
org.apache.poi.xssf.usermodel.XSSFSheet.onDocumentRead::XSSFSheet.java:159
org.apache.poi.xssf.usermodel.XSSFWorkbook.parseSheet::XSSFWorkbook.java:448
org.apache.poi.xssf.usermodel.XSSFWorkbook.onDocumentRead::XSSFWorkbook.java:413
org.apache.poi.ooxml.POIXMLDocument.load::POIXMLDocument.java:169
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:275
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
com.test.Entry.main::Entry.java:32
```
# Steps to reproduce:
1. Build the following java code with the corresponding poi library (version
5.1.0).
```
## Download poi_env_reproduce.zip from
https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
unzip poi_env_reproduce.zip
cd poi_env_reproduce
bash build.sh
```
2. Run the built program to see the crash by feeding one of the poc file
contained in the pocs.tar.gz, e.g. :
```bash
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar
pocs/crash-5a6edeb2f92c65a5e64ea2934911a0a9a5b4bda5
```
Any further discussion for this vulnerability including fix is welcomed!
Feel free to contact me at [email protected]
(https://github.com/ZanderHuang)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
