
CVSS: 5.0  EPSS: 0%  CPEs: 2  EXPL: 0

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150228.html
• http://poi.apache.org/changes.html
• http://secunia.com/advisories/61953
• http://www-01.ibm.com/support/docview.wss?uid=swg21996759
• http://www.securityfocus.com/bid/77726
• https://access.redhat.com/errata/RHSA-2016:1135
• https://issues.apache.org/bugzilla/show_bug.cgi?id=57272
• https://access.redhat.com/security/cve/CVE-2014-9527
• https://bugzilla.redhat.com/show_bug.cgi?id=1181223

• CWE-20: Improper Input Validation
• CWE-399: Resource Management Errors

CVSS: 5.0  EPSS: 1%  CPEs: 65  EXPL: 0

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.

• http://poi.apache.org/changes.html
• http://rhn.redhat.com/errata/RHSA-2014-1370.html
• http://rhn.redhat.com/errata/RHSA-2014-1398.html
• http://rhn.redhat.com/errata/RHSA-2014-1399.html
• http://rhn.redhat.com/errata/RHSA-2014-1400.html
• http://secunia.com/advisories/59943
• http://secunia.com/advisories/60419
• http://secunia.com/advisories/61766
• http://www-01.ibm.com/support/docview.wss?uid=swg21996759
• http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
• http:/&#