Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-95zd-g97m-ekh3
Vulnerability ID VCID-95zd-g97m-ekh3
Aliases CVE-2014-2053
GHSA-5v43-55m5-qr8f
Summary getID3 is vulnerable to XML External Entity (XXE) getID3() before 1.9.9, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-611 Improper Restriction of XML External Entity Reference
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual HIGH http://getid3.sourceforge.net/source/changelog.txt
generic_textual HIGH http://owncloud.org/about/security/advisories/oC-SA-2014-006
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.0197 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
epss 0.03481 https://api.first.org/data/v1/epss?cve=CVE-2014-2053
generic_textual HIGH http://secunia.com/advisories/58002
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-5v43-55m5-qr8f
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/james-heinrich/getid3/CVE-2014-2053.yaml
generic_textual HIGH https://github.com/JamesHeinrich/getID3
generic_textual HIGH https://github.com/JamesHeinrich/getID3/commit/afbdaa044a9a0a9dff2f800bd670e231b3ec99b2
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-2053
generic_textual HIGH https://wordpress.org/news/2014/08/wordpress-3-9-2
generic_textual HIGH http://www.debian.org/security/2014/dsa-3001
Reference id Reference type URL
http://getid3.sourceforge.net/source/changelog.txt
http://owncloud.org/about/security/advisories/oC-SA-2014-006
https://api.first.org/data/v1/epss?cve=CVE-2014-2053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5266
http://secunia.com/advisories/58002
https://github.com/FriendsOfPHP/security-advisories/blob/master/james-heinrich/getid3/CVE-2014-2053.yaml
https://github.com/JamesHeinrich/getID3
https://github.com/JamesHeinrich/getID3/commit/afbdaa044a9a0a9dff2f800bd670e231b3ec99b2
https://nvd.nist.gov/vuln/detail/CVE-2014-2053
https://wordpress.org/news/2014/08/wordpress-3-9-2
http://www.debian.org/security/2014/dsa-3001
757312 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312
GHSA-5v43-55m5-qr8f https://github.com/advisories/GHSA-5v43-55m5-qr8f
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.8347
EPSS Score 0.0197
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:08:22.330898+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5v43-55m5-qr8f/GHSA-5v43-55m5-qr8f.json 38.0.0