CVE-2014-3574
Published: 4 September 2014
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libapache-poi-java Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(3.10.1-1)
|
|
| cosmic |
Not vulnerable
(3.10.1-1)
|
|
| disco |
Not vulnerable
(3.10.1-1)
|
|
| lucid |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(3.10.1-1)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(3.10.1-1)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
References
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://secunia.com/advisories/60419
- http://poi.apache.org/changes.html
- https://www.cve.org/CVERecord?id=CVE-2014-3574
- NVD
- Launchpad
- Debian