[Bug 65741] New: java.lang.IllegalArgumentException in `org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434` poi 5.1.0

Mon, 13 Dec 2021 01:09:11 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=65741

            Bug ID: 65741
           Summary: java.lang.IllegalArgumentException in
                    `org.apache.poi.openxml4j.opc.internal.PackageProperti
                    esPart.setCreatedProperty::PackagePropertiesPart.java:
                    434` poi 5.1.0
           Product: POI
           Version: 5.0.x-dev
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: OPC
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

# java.lang.IllegalArgumentException in
`org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434`
poi 5.1.0

This vulnerability is of java.lang.IllegalArgumentException, and can be
triggered in latest version poi (5.1.0).
It is caused by passing an illegal or inappropriate argument into a method and
can can be used for attackers to launch DoS (Denial of Service) attack for any
java program that uses this library (since the user of metadata-extractor
doesn't know they need to catch this kind of exception) ( CWE-248: Uncaught
exception).
Likely, the root cause of this crash is in
`org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434`.
See more detail from the following crash stack.

# Crash stack:
The crash thread's stack is as follows:

```
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:434
org.apache.poi.openxml4j.opc.internal.unmarshallers.PackagePropertiesUnmarshaller.unmarshall::PackagePropertiesUnmarshaller.java:122
org.apache.poi.openxml4j.opc.OPCPackage.getParts::OPCPackage.java:760
org.apache.poi.openxml4j.opc.OPCPackage.open::OPCPackage.java:315
org.apache.poi.ooxml.util.PackageHelper.open::PackageHelper.java:47
org.apache.poi.xssf.usermodel.XSSFWorkbook.<init>::XSSFWorkbook.java:296
com.test.Entry.main::Entry.java:32
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setDateValue::PackagePropertiesPart.java:697
org.apache.poi.openxml4j.opc.internal.PackagePropertiesPart.setCreatedProperty::PackagePropertiesPart.java:432
```


# Steps to reproduce:

1. Build the following java code with the corresponding poi library (version
5.1.0).

```
## Download poi_env_reproduce.zip from
https://drive.google.com/file/d/1N4gUC0MF-SAN-Xz0van0_7TbNj4aUuFd/view?usp=sharing
unzip poi_env_reproduce.zip
cd poi_env_reproduce
bash build.sh
```

2. Run the built program to see the crash by feeding one of the poc file
contained in the pocs.tar.gz, e.g. :

```bash
java -jar target/Entry-1.0-SNAPSHOT-jar-with-dependencies.jar
pocs/crash-eb5abc12c6bc956e4f75b20d4325d015e0031918
```

Any further discussion for this vulnerability including fix is welcomed!
Feel free to contact me at [email protected]
(https://github.com/ZanderHuang)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to