Remote Denial of Service in Apache POI Vulnerable to Crafted OOXML Files
CVE-2014-3574

Currently unrated

Key Information:

Vendor

Apache
Status
Poi
Vendor
CVE Published:
4 September 2014

What is CVE-2014-3574?

Remote attackers can exploit a vulnerability in Apache POI, allowing them to craft specially constructed OOXML files that lead to excessive CPU consumption and application crashes. This is primarily due to an XML Entity Expansion (XEE) attack, which can destabilize services relying on the affected versions of Apache POI.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21996759
x_refsource_CONFIRM
http://www.securityfocus.com/bid/69648
vdb-entryx_refsource_BID
http://poi.apache.org/changes.html
x_refsource_CONFIRM

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.