Description
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3001
Product x_refsource_confirm
https://wordpress.org/news/2014/08/wordpress-3-9-2/
Product x_refsource_confirm
http://getid3.sourceforge.net/source/changelog.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58002
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oC-SA-2014-006/
Scores
EPSS
0.0348
EPSS Percentile
87.7%
Details
Status
published
Products (27)
getid3/getid3
1.9.0
getid3/getid3
1.9.1
getid3/getid3
1.9.2
getid3/getid3
1.9.3
getid3/getid3
1.9.4 b1
getid3/getid3
1.9.5
getid3/getid3
1.9.6
getid3/getid3
< 1.9.7
james-heinrich/getid3
0 - 1.9.9Packagist
owncloud/owncloud_server
5.0.0
... and 17 more
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026