Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2014-9527 — Loop with Unreachable Exit Condition in Apache POI · VulnScope

CVE-2014-9527

Loop with Unreachable Exit Condition in Apache POI

EPSS 1.2%

Description

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

How to fix CVE-2014-9527

To remediate CVE-2014-9527, upgrade the affected package to a fixed version below.

Debian/libapache-poi-java—upgrade to 3.10.1-2 or later
Maven/org.apache.poi:poi—upgrade to 3.11 or later

Is CVE-2014-9527 being exploited?

Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.10.1-2
from 0, < 3.11

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-9527
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-9527
WEBlists.fedoraproject.org/pipermail/package-announce/2015-February/150228.html
WEBpoi.apache.org/changes.html
WEB

Metadata

Published: 5/17/2022
Modified: 4/28/2026

Also known as:

GHSA-x9mm-6gpf-f749ghsa
DEBIAN-CVE-2014-9527debian

access.redhat.com/errata/RHSA-2016:1135

WEBsecunia.com/advisories/61953

WEBissues.apache.org/bugzilla/show_bug.cgi?id=57272

WEBwww-01.ibm.com/support/docview.wss?uid=swg21996759

Debian/libapache-poi-java

Maven/org.apache.poi:poi