DEBIAN-CVE-2014-3529

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2014-3529

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-3529.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2014-3529

Upstream

CVE-2014-3529

Published

2014-09-04T17:55:05Z

Modified

2025-09-19T06:20:36Z

Summary

[none]

Details

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

https://security-tracker.debian.org/tracker/CVE-2014-3529

Affected packages

Debian:11 / libapache-poi-java

Package

Name: libapache-poi-java
Purl: pkg:deb/debian/libapache-poi-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libapache-poi-java

Package

Name: libapache-poi-java
Purl: pkg:deb/debian/libapache-poi-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libapache-poi-java

Package

Name: libapache-poi-java
Purl: pkg:deb/debian/libapache-poi-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libapache-poi-java

Package

Name: libapache-poi-java
Purl: pkg:deb/debian/libapache-poi-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}