Apache Software Foundation Apache POI vulnerabilities
3 known vulnerabilities affecting apache_software_foundation/apache_poi.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-31672 | MEDIUM | CVSS 5.3 | CWE-20 | fixed in 5.4.0 | 2025-04-09
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read diff
Sources: cvelistv5, nvd
CVE-2017-12626 | HIGH | CVSS 7.5 | CWE-835 | fixed in 3.17 | 2018-01-29
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Sources: cvelistv5, nvd
CVE-2017-5644 | MEDIUM | CVSS 5.5 | CWE-776 | before 3.15 | 2017-03-24
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Sources: cvelistv5, nvd