CVE-2014-9487
CRITICAL
MediaWiki <1.24.1, 1.23.8, 1.22.15, 1.19.23 - Info Disclosure
Title source: llm
Description
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
References (4)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/03/13
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201502-04
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Scores
CVSS v3: 9.8
EPSS: 0.0101
EPSS Percentile: 77.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-611
Status: published
Products (47)
mediawiki/mediawiki 1.19 (3 CPE variants)
mediawiki/mediawiki 1.19.0
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.19.3
mediawiki/mediawiki 1.19.4
mediawiki/mediawiki 1.19.5
mediawiki/mediawiki 1.19.6
mediawiki/mediawiki 1.19.7
mediawiki/mediawiki 1.19.8
... and 37 more
Published: Oct 17, 2017
Tracked Since: Feb 18, 2026