VDB

GCVE-VVD-MAGEIA-2014-550

GCVE-VVD-MAGEIA-2014-550
Advisory Published
Vulnetix · Advisory published December 26, 2014
Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks (CVE-2014-3529). It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption (CVE-2014-3574).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaapache-poi0 (affected), 3.10.1-1.mga4 (unaffected)

References

Updated apache-poi packages fix security vulnerabilities
advisory
Updated apache-poi packages fix security vulnerabilities
issue
Updated apache-poi packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›