Apache

Poi

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-31672

Media report
  • EPSS 0.23%
  • Published 09.04.2025 11:59:33
  • Last modified 15.07.2025 19:08:21

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate n...

5.5

CVE-2022-26336

  • EPSS 0.05%
  • Published 04.03.2022 16:15:10
  • Last modified 21.11.2024 06:53:46

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad ...

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Published 23.10.2019 20:15:12
  • Last modified 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

7.5

CVE-2017-12626

  • EPSS 3.17%
  • Published 29.01.2018 17:29:00
  • Last modified 21.11.2024 03:09:55

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and ...

7.1

CVE-2017-5644

  • EPSS 0.69%
  • Published 24.03.2017 14:59:00
  • Last modified 20.04.2025 01:37:25

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

5.5

CVE-2016-5000

  • EPSS 0.3%
  • Published 05.08.2016 14:59:10
  • Last modified 12.04.2025 10:46:40

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

5

CVE-2014-9527

  • EPSS 1.23%
  • Published 06.01.2015 15:59:05
  • Last modified 12.04.2025 10:46:40

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

4.3

CVE-2014-3529

  • EPSS 4.55%
  • Published 04.09.2014 17:55:05
  • Last modified 12.04.2025 10:46:40

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3

CVE-2014-3574

  • EPSS 11.11%
  • Published 04.09.2014 17:55:05
  • Last modified 12.04.2025 10:46:40

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

5

CVE-2012-0213

  • EPSS 13.06%
  • Published 07.08.2012 21:55:01
  • Last modified 11.04.2025 00:51:21

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value ...