OSV-2026-297

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-poi/OSV-2026-297.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/OSV-2026-297
Published
2026-02-24T00:02:29.789817Z
Modified
2026-03-11T05:59:17.896452Z
Summary
Security exception in org.apache.poi.util.IOUtils.safelyAllocate
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486522036

Crash type: Security exception
Crash state:
org.apache.poi.util.IOUtils.safelyAllocate
org.apache.poi.hssf.record.RecordInputStream.readRemainder
org.apache.poi.hssf.record.UnknownRecord.<init>
References

Affected packages

OSS-Fuzz / apache-poi

Package

Name
apache-poi
Purl
pkg:generic/apache-poi

Affected ranges

Type
GIT
Repo
https://github.com/apache/poi.git
Events
Introduced
c488cae3f3536253d0bd2c7580f08193dd70b2da
Fixed
90560c33b6f78a4b84e03a9fd8b7feaedb1e49c3

Affected versions

Other
REL_5_5_0
REL_5_5_1

Ecosystem specific 

{
    "severity": "LOW"
}

Database specific

fixed_range 
"54874ae6313bf39723040f425ecce021e497330d:90560c33b6f78a4b84e03a9fd8b7feaedb1e49c3"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-poi/OSV-2026-297.yaml"