CVE-2014-3574
Published: 4 September 2014
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Priority
Status
Package | Release | Status |
---|---|---|
libapache-poi-java | artful | Ignored (end of life) |
libapache-poi-java | bionic | Not vulnerable (3.10.1-1) |
libapache-poi-java | cosmic | Not vulnerable (3.10.1-1) |
libapache-poi-java | disco | Not vulnerable (3.10.1-1) |
libapache-poi-java | lucid | Does not exist |
libapache-poi-java | precise | Ignored (end of life) |
libapache-poi-java | trusty | Does not exist (trusty was needed) |
libapache-poi-java | upstream | Released (3.10.1-1) |
libapache-poi-java | utopic | Ignored (end of life) |
libapache-poi-java | vivid | Ignored (end of life) |
libapache-poi-java | wily | Ignored (end of life) |
libapache-poi-java | xenial | Not vulnerable (3.10.1-1) |
libapache-poi-java | yakkety | Ignored (end of life) |
libapache-poi-java | zesty | Ignored (end of life) |
References
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://secunia.com/advisories/60419
- http://poi.apache.org/changes.html
- https://www.cve.org/CVERecord?id=CVE-2014-3574
- NVD
- Launchpad
- Debian