CVE-2014-2053 — XML External Entity (XXE) Injection in Getid3

CWE-611 — XML External Entity (XXE) Injection9 documents6 sources

Severity

7.5HIGHNVD

EPSS

3.5%

top 12.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress James-heinrich Getid3 Getid3 +1 more

Timeline

PublishedJun 4

Latest updateMay 17

Description

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDowncloud/owncloud_server5.0.14+17

▶Packagistjames-heinrich/getid3< 1.9.9

▶NVDgetid3/getid31.9.7+7

▶Debianwordpress/wordpress< 3.9.2+dfsg-1+3

🔴Vulnerability Details

OSV

getID3 is vulnerable to XML External Entity (XXE)↗2022-05-17

▶

GHSA

getID3 is vulnerable to XML External Entity (XXE)↗2022-05-17

▶

OSV

CVE-2014-2053: getID3() before 1↗2014-06-04

▶

CVEList

CVE-2014-2053: getID3() before 1↗2014-06-04

▶

📋Vendor Advisories

Debian

CVE-2014-2053: php-getid3 - getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before...↗2014

▶

💬Community

Bugzilla

CVE-2014-2053 php-getid3: XML External Entity (XXE) flaw [epel-6]↗2014-08-14

▶

Bugzilla

CVE-2014-2053 php-getid3: XML External Entity (XXE) flaw↗2014-08-14

▶

Bugzilla

CVE-2014-2053 php-getid3: XML External Entity (XXE) flaw [fedora-all]↗2014-08-14

▶