CVE-2014-2053

Published: Jun 4, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Affected (26)

Products: Owncloud: Owncloud Server · Getid3: Getid3

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud Server	Up to 5.0.14
Owncloud Owncloud Server	Version 5.0.0
Owncloud Owncloud Server	Version 5.0.10
Owncloud Owncloud Server	Version 5.0.11
Owncloud Owncloud Server	Version 5.0.12
Owncloud Owncloud Server	Version 5.0.13
Owncloud Owncloud Server	Version 5.0.14
Owncloud Owncloud Server	Version 5.0.1
Owncloud Owncloud Server	Version 5.0.2
Owncloud Owncloud Server	Version 5.0.3
Owncloud Owncloud Server	Version 5.0.4
Owncloud Owncloud Server	Version 5.0.5
Owncloud Owncloud Server	Version 5.0.6
Owncloud Owncloud Server	Version 5.0.7
Owncloud Owncloud Server	Version 5.0.8
Owncloud Owncloud Server	Version 5.0.9

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Getid3 Getid3	Up to 1.9.7
Getid3 Getid3	Version 1.9.0
Getid3 Getid3	Version 1.9.1
Getid3 Getid3	Version 1.9.2
Getid3 Getid3	Version 1.9.3
Getid3 Getid3	Version 1.9.4 b1
Getid3 Getid3	Version 1.9.5
Getid3 Getid3	Version 1.9.6
Owncloud Owncloud Server	Version 6.0.0
Owncloud Owncloud Server	Version 6.0.1