MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-04-13T14:00:00
Updated: 2024-08-06T05:32:20.575Z
Reserved: 2015-04-07T00:00:00
Link: CVE-2015-2942
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-04-13T14:59:15.367
Modified: 2016-12-07T18:11:06.490
Link: CVE-2015-2942
Redhat
No data.