3 matches found
CVE-2025-31672
CVE-2025-31672 is an Improper Input Validation issue in Apache POI’s OOXML parsing. The root cause is acceptance of duplicate zip entry names (including paths) within OOXML files (xlsx/docx/pptx), which can cause reads of different data depending on which duplicate entry is chosen. Affects poi-oo...
CVE-2017-12626
CVE-2017-12626 affects Apache POI prior to 3.17. The vulnerability arises from parsing crafted WMF/EMF/MSG and macros (leading to denial of service via infinite loop) and crafted DOC/PPT/XLS (leading to out-of-memory errors). Multiple connected advisories reference this CVE and describe it as a D...
CVE-2022-26336
CVE-2022-26336 affects the poi-scratchpad HMEF package in Apache POI used to read TNEF files. The issue can trigger an Out of Memory exception when parsing untrusted TNEF inputs, impacting poi-scratchpad versions up to 5.2.0. The publicly recommended remediation is to upgrade to poi-scratchpad 5....