CVE-2014-9527
EPSS 1.2%Loop with Unreachable Exit Condition in Apache POI
Published: 5/17/2022Modified: 4/28/2026
Description
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
Affected packages (2)
- Debian/libapache-poi-javafrom 0, < 3.10.1-2
- Maven/org.apache.poi:poifrom 0, < 3.11
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-9527
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9527
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150228.html
- WEBhttp://poi.apache.org/changes.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:1135
- WEBhttp://secunia.com/advisories/61953
- WEBhttps://issues.apache.org/bugzilla/show_bug.cgi?id=57272
- WEBhttp://www-01.ibm.com/support/docview.wss?uid=swg21996759