Apache

Poi

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-31672

Medienbericht
  • EPSS 0.23%
  • Veröffentlicht 09.04.2025 11:59:33
  • Zuletzt bearbeitet 15.07.2025 19:08:21

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate n...

5.5

CVE-2022-26336

  • EPSS 0.05%
  • Veröffentlicht 04.03.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:53:46

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad ...

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Veröffentlicht 23.10.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

7.5

CVE-2017-12626

  • EPSS 3.17%
  • Veröffentlicht 29.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:09:55

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and ...

7.1

CVE-2017-5644

  • EPSS 0.69%
  • Veröffentlicht 24.03.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

5.5

CVE-2016-5000

  • EPSS 0.3%
  • Veröffentlicht 05.08.2016 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

5

CVE-2014-9527

  • EPSS 1.23%
  • Veröffentlicht 06.01.2015 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

4.3

CVE-2014-3529

  • EPSS 4.55%
  • Veröffentlicht 04.09.2014 17:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3

CVE-2014-3574

  • EPSS 11.11%
  • Veröffentlicht 04.09.2014 17:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

5

CVE-2012-0213

  • EPSS 13.06%
  • Veröffentlicht 07.08.2012 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value ...