https://bz.apache.org/bugzilla/show_bug.cgi?id=65740

            Bug ID: 65740
           Summary: java.lang.IllegalArgumentException,
                    org.apache.poi.openxml4j.opc.PackagingURIHelper.resolvePartUri--PackagingURIHelper.java-415
           Product: POI
           Version: 5.0.x-dev
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: OPC
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

# java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.PackagingURIHelper.resolvePartUri::PackagingURIHelper.java:415` poi 5.1.0

This vulnerability is a java.lang.IllegalArgumentException, and can be
triggered in the latest version of poi (5.1.0).
It is caused by passing an illegal or inappropriate argument into a method and
can be used by attackers to launch a DoS (Denial of Service) attack against any
Java program that uses this library (since the user of metadata-extractor
doesn't know they need to catch this kind of exception) (CWE-248: Uncaught
exception).
Likely, the root cause of this crash is in
`org.apache.poi.openxml4j.opc.PackagingURIHelper.resolvePartUri::PackagingURIHelper.java:415`.
See more detail from the following crash stack.

# Crash stack:
The crash thread's stack is as follows:

```
org.apache.poi.openxml4j.opc.PackagingURIHelper.resolvePartUri::PackagingURIHelper.java:415
org.apache.poi.openxml4j.opc.PackageRelationship.getTargetURI::PackageRelationship.java:194
org.apache.poi.ooxml.POIXMLDocumentPart.read::POIXMLDocumentPart.java:643
org.apache.poi.ooxml.POIXMLDocumentPart.read::POIXMLDocumentPart.java:678
org.apache.poi.ooxml.POIXMLDocument.load::POIXMLDocument.java:165
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:275
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
com.test.Entry.main::Entry.java:32
```


# Steps to reproduce:

1. Build the following java code with the corresponding poi library (version
5.1.0).

```
# Download poi_env_reproduce.zip first from:
# https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
unzip poi_env_reproduce.zip
cd poi_env_reproduce
bash build.sh
```

2. Run the built program to see the crash by feeding it one of the PoC files
contained in pocs.tar.gz, e.g.:

```bash
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar \
    pocs/crash-46c0fab66256d7a06a4ad7e7501e4352a2e3a792
```

Any further discussion for this vulnerability including fix is welcomed!
Feel free to contact me at [email protected]
(https://github.com/ZanderHuang)
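
For callers that parse untrusted .xlsx files, one way to contain the unchecked exception described in this report is to convert it into a checked failure at the parsing boundary. This is an added example, not code from the report or from the POI project; the names `SafeXlsxOpen` and `UntrustedDocumentException` are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public final class SafeXlsxOpen {

    /** Hypothetical checked exception so callers are forced to handle bad input. */
    public static final class UntrustedDocumentException extends Exception {
        public UntrustedDocumentException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /** Opens a workbook from an untrusted file; every parse failure becomes a checked exception. */
    public static XSSFWorkbook open(Path file) throws UntrustedDocumentException {
        try (InputStream in = Files.newInputStream(file)) {
            return new XSSFWorkbook(in);
        } catch (IOException e) {
            throw new UntrustedDocumentException("I/O or format error reading " + file, e);
        } catch (RuntimeException e) {
            // The IllegalArgumentException raised in PackagingURIHelper.resolvePartUri
            // (see the crash stack above) is unchecked and lands here instead of
            // propagating up and terminating the calling thread.
            throw new UntrustedDocumentException("Malformed OOXML package: " + file, e);
        }
    }

    public static void main(String[] args) {
        int rejected = 0;
        for (String arg : args) {
            try (XSSFWorkbook wb = open(Paths.get(arg))) {
                System.out.println(arg + ": " + wb.getNumberOfSheets() + " sheet(s)");
            } catch (UntrustedDocumentException e) {
                rejected++;
                System.err.println("rejected " + arg + ": " + e.getCause());
            } catch (IOException e) {
                // Thrown by XSSFWorkbook.close() at the end of try-with-resources.
                System.err.println("close failed for " + arg + ": " + e);
            }
        }
        System.exit(rejected == 0 ? 0 : 1);
    }
}
```

`RuntimeException` does not cover `Error` subclasses, so resource-exhaustion failures need separate limits around the parser.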
