CVE-2014-1610
Published: 30 January 2014
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
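The common root of the vectors listed above is a request parameter (a DjVu page number, a thumbnail width) that ends up inside a shell command line for an external rasteriser without being validated or escaped. The following PHP is an added illustration, not MediaWiki's own code: `buildRenderCommandUnsafe()` and `buildRenderCommandSafe()` are hypothetical names, `ddjvu` stands in for whatever renderer is invoked, and the paths and request values are constructed for the example. It shows the vulnerable interpolation beside the hardened form that coerces numeric parameters to integers and wraps the remaining string arguments in `escapeshellarg()`.

```php
<?php
// Added example (not MediaWiki's code): how a thumbnail request parameter
// becomes a shell command, and what the fix looks like.
// Hypothetical helper names; 'ddjvu' is a placeholder renderer binary.

/**
 * Vulnerable pattern: request values are interpolated into the command
 * string as-is. When the string reaches shell_exec()/wfShellExec-style
 * helpers, /bin/sh interprets any metacharacter (; | & $ ` etc.) in
 * $page or $width as command syntax, not as data.
 */
function buildRenderCommandUnsafe(string $src, string $dst, string $page, string $width): string
{
    return "ddjvu -format=ppm -page=$page -size={$width}x -q $src $dst";
}

/**
 * Hardened pattern: numeric parameters are validated as digit strings,
 * cast to int and range-checked, so no metacharacter can survive; the
 * path arguments are wrapped in escapeshellarg() so the shell sees each
 * one as a single literal word.
 */
function buildRenderCommandSafe(string $src, string $dst, string $page, string $width): string
{
    if (!ctype_digit($page) || !ctype_digit($width)) {
        throw new InvalidArgumentException('page and width must be positive integers');
    }
    $pageNum  = (int) $page;
    $widthPx  = (int) $width;
    // Upper bound on width is an assumption for the example; real limits come from site config.
    if ($pageNum < 1 || $widthPx < 1 || $widthPx > 4096) {
        throw new InvalidArgumentException('page/width out of range');
    }
    return 'ddjvu -format=ppm -page=' . $pageNum . ' -size=' . $widthPx . 'x -q '
        . escapeshellarg($src) . ' ' . escapeshellarg($dst);
}

// Constructed inputs: an honest request and one carrying a shell metacharacter.
$src     = '/srv/wiki/images/doc.djvu';
$dst     = '/srv/wiki/thumb/doc-page1-120px.ppm';
$honest  = ['page' => '1', 'width' => '120'];
$hostile = ['page' => '1; echo injected', 'width' => '120'];

echo buildRenderCommandUnsafe($src, $dst, $honest['page'], $honest['width']), "\n";
// The unsafe builder passes the ';' through, so the shell would run a second command:
echo buildRenderCommandUnsafe($src, $dst, $hostile['page'], $hostile['width']), "\n";

echo buildRenderCommandSafe($src, $dst, $honest['page'], $honest['width']), "\n";
try {
    buildRenderCommandSafe($src, $dst, $hostile['page'], $hostile['width']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The point to carry into a code review is that escaping alone is the weaker of the two defences: for parameters that are semantically integers, casting and range-checking removes the entire class of metacharacter payloads, and escaping is reserved for arguments that genuinely have to be strings (file paths). MediaWiki exposes its own wrapper, `wfEscapeShellArg()`, for the latter; the project's actual patches are the Gerrit changes listed under References.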
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki | artful | Ignored (end of life) |
mediawiki | bionic | Not vulnerable (1.22.2) |
mediawiki | cosmic | Not vulnerable (1.22.2) |
mediawiki | lucid | Ignored (end of life) |
mediawiki | precise | Ignored (end of life) |
mediawiki | quantal | Ignored (end of life) |
mediawiki | saucy | Ignored (end of life) |
mediawiki | trusty | Does not exist (trusty was not-affected [1:1.19.11+dfsg-1]) |
mediawiki | upstream | Released (1:1.19.11+dfsg-1) |
mediawiki | utopic | Ignored (end of life) |
mediawiki | vivid | Ignored (end of life) |
mediawiki | wily | Ignored (end of life) |
mediawiki | xenial | Does not exist |
mediawiki | yakkety | Ignored (end of life) |
mediawiki | zesty | Ignored (end of life) |
References
- https://gerrit.wikimedia.org/r/#/c/110215/
- https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php
- https://gerrit.wikimedia.org/r/#/c/110069/
- https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
- https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff
- https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff
- http://secunia.com/advisories/56695
- http://osvdb.org/102630
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html
- https://www.cve.org/CVERecord?id=CVE-2014-1610
- NVD
- Launchpad
- Debian