Apache Poi
7 CVEs affecting Apache Poi. Latest disclosed: 2018-01-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-12626 | High | 7.5 | 2018-01-29 | Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI… |
CVE-2017-5644 | Medium | 5.5 | 2017-03-24 | Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an… |
CVE-2016-5000 | Medium | 5.5 | 2016-08-05 | The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity dec… |
CVE-2014-9527 | | 2015-01-06 | HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | |
CVE-2014-3574 | | 2014-09-04 | Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file… | |
CVE-2014-3529 | | 2014-09-04 | The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration… | |
CVE-2012-0213 | | 2012-08-07 | The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of servic… |