Lucene search

10 matches found

CVE
added 2025/04/09 11:59 a.m. | 395 views

CVE-2025-31672

CVE-2025-31672 is an Improper Input Validation issue in Apache POI’s OOXML parsing. The root cause is acceptance of duplicate zip entry names (including paths) within OOXML files (xlsx/docx/pptx), which can cause reads of different data depending on which duplicate entry is chosen. Affects poi-oo...

CVSS 5.3 | AI score 6.3 | EPSS 0.01237
CVE
added 2019/10/23 7:27 p.m. | 344 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

CVSS 5.5 | AI score 6.7 | EPSS 0.0099
CVE
added 2018/01/29 5:00 p.m. | 224 views

CVE-2017-12626

CVE-2017-12626 affects Apache POI prior to 3.17. The vulnerability arises from parsing crafted WMF/EMF/MSG and macros (leading to denial of service via infinite loop) and crafted DOC/PPT/XLS (leading to out-of-memory errors). Multiple connected advisories reference this CVE and describe it as a D...

CVSS 7.5 | AI score 7.4 | EPSS 0.10248
CVE
added 2022/03/04 12:00 a.m. | 210 views

CVE-2022-26336

CVE-2022-26336 affects the poi-scratchpad HMEF package in Apache POI used to read TNEF files. The issue can trigger an Out of Memory exception when parsing untrusted TNEF inputs, impacting poi-scratchpad versions up to 5.2.0. The publicly recommended remediation is to upgrade to poi-scratchpad 5....

CVSS 5.5 | AI score 5.4 | EPSS 0.01484
CVE
added 2017/03/24 2:00 p.m. | 115 views

CVE-2017-5644

CVE-2017-5644 affects Apache POI: versions prior to 3.15 are vulnerable to an XML Entity Expansion (XEE) denial of service via a specially crafted OOXML file, causing high CPU usage. Documented impact is a CPU consumption DoS rather than code execution. Public references in the connected material...

CVSS 7.1 | AI score 5.3 | EPSS 0.04595
CVE
added 2012/08/07 9:00 p.m. | 105 views

CVE-2012-0213

The CVE-2012-0213 vulnerability resides in Apache POI 3.8 and earlier, specifically UnhandledDataStructure.java, where crafted CDF/CFBF data can cause a denial of service (OutOfMemoryError). IBM and vendor advisories consistently tie this CVE to Apache POI loaded in IBM QRadar SIEM and related IB...

CVSS 5 | AI score 5.5 | EPSS 0.07503
CVE
added 2014/09/04 5:00 p.m. | 105 views

CVE-2014-3529

The CVE-2014-3529 issue is an XXE in Apache POI’s OOXML processing (OPC SAX setup) prior to 3.10.1, enabling a remote attacker to read arbitrary files via an OpenXML file containing an external entity declaration. IBM and vulnerability bulletins note that upgrading poi-ooxml to 4.0.x (and general...

CVSS 4.3 | AI score 7.1 | EPSS 0.13258
CVE
added 2015/01/06 3:00 p.m. | 105 views

CVE-2014-9527

CVE-2014-9527 is a denial-of-service in Apache POI’s HSLFSlideShow when processing crafted PPTs. Affected component: HSLFSlideShow in POI prior to 3.11. Impact: application may enter an infinite loop and deadlock. Root cause: vulnerable PPT parsing path in POI. Mitigation: upgrade to POI 3.11 or ...

CVSS 5 | AI score 5.8 | EPSS 0.07922
CVE
added 2014/09/04 5:00 p.m. | 100 views

CVE-2014-3574

Apache POI is affected by CVE-2014-3574. Affected versions: POI before 3.10.1 and 3.11.x before 3.11-beta2. Root cause: XML Entity Expansion (XEE) in OOXML processing. Impact: remote attacker can cause a denial of service via crafted OOXML files (CPU consumption and crash). Remediation: upgrade t...

CVSS 4.3 | AI score 6.7 | EPSS 0.07395
CVE
added 2016/08/05 2:00 p.m. | 86 views

CVE-2016-5000

The CVE-2016-5000 entry concerns the XLSX2CSV example in Apache POI. The root cause is an XML External Entity (XXE) vulnerability introduced when parsing OpenXML in the XLSX2CSV path, allowing a crafted document to cause an external-entity reference to read arbitrary files. Affected products/vers...

CVSS 5.5 | AI score 5.5 | EPSS 0.04151