MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a billion laughs attack, a different vulnerability than CVE-2015-2937.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | * | 1.19.23 (including) |
| Mediawiki | Mediawiki | 1.20 (including) | 1.20 (including) |
| Mediawiki | Mediawiki | 1.20.1 (including) | 1.20.1 (including) |
| Mediawiki | Mediawiki | 1.20.2 (including) | 1.20.2 (including) |
| Mediawiki | Mediawiki | 1.20.3 (including) | 1.20.3 (including) |
| Mediawiki | Mediawiki | 1.20.4 (including) | 1.20.4 (including) |
| Mediawiki | Mediawiki | 1.20.5 (including) | 1.20.5 (including) |
| Mediawiki | Mediawiki | 1.20.6 (including) | 1.20.6 (including) |
| Mediawiki | Mediawiki | 1.20.7 (including) | 1.20.7 (including) |
| Mediawiki | Mediawiki | 1.20.8 (including) | 1.20.8 (including) |
| Mediawiki | Mediawiki | 1.21 (including) | 1.21 (including) |
| Mediawiki | Mediawiki | 1.21.1 (including) | 1.21.1 (including) |
| Mediawiki | Mediawiki | 1.21.2 (including) | 1.21.2 (including) |
| Mediawiki | Mediawiki | 1.21.3 (including) | 1.21.3 (including) |
| Mediawiki | Mediawiki | 1.21.4 (including) | 1.21.4 (including) |
| Mediawiki | Mediawiki | 1.21.5 (including) | 1.21.5 (including) |
| Mediawiki | Mediawiki | 1.21.6 (including) | 1.21.6 (including) |
| Mediawiki | Mediawiki | 1.21.7 (including) | 1.21.7 (including) |
| Mediawiki | Mediawiki | 1.21.8 (including) | 1.21.8 (including) |
| Mediawiki | Mediawiki | 1.21.9 (including) | 1.21.9 (including) |
| Mediawiki | Mediawiki | 1.21.10 (including) | 1.21.10 (including) |
| Mediawiki | Mediawiki | 1.21.11 (including) | 1.21.11 (including) |
| Mediawiki | Mediawiki | 1.22.0 (including) | 1.22.0 (including) |
| Mediawiki | Mediawiki | 1.22.1 (including) | 1.22.1 (including) |
| Mediawiki | Mediawiki | 1.22.2 (including) | 1.22.2 (including) |
| Mediawiki | Mediawiki | 1.22.3 (including) | 1.22.3 (including) |
| Mediawiki | Mediawiki | 1.22.4 (including) | 1.22.4 (including) |
| Mediawiki | Mediawiki | 1.22.5 (including) | 1.22.5 (including) |
| Mediawiki | Mediawiki | 1.22.6 (including) | 1.22.6 (including) |
| Mediawiki | Mediawiki | 1.22.7 (including) | 1.22.7 (including) |
| Mediawiki | Mediawiki | 1.22.8 (including) | 1.22.8 (including) |
| Mediawiki | Mediawiki | 1.22.9 (including) | 1.22.9 (including) |
| Mediawiki | Mediawiki | 1.22.10 (including) | 1.22.10 (including) |
| Mediawiki | Mediawiki | 1.22.11 (including) | 1.22.11 (including) |
| Mediawiki | Mediawiki | 1.22.12 (including) | 1.22.12 (including) |
| Mediawiki | Mediawiki | 1.22.13 (including) | 1.22.13 (including) |
| Mediawiki | Mediawiki | 1.22.14 (including) | 1.22.14 (including) |
| Mediawiki | Mediawiki | 1.22.15 (including) | 1.22.15 (including) |
| Mediawiki | Mediawiki | 1.23.0 (including) | 1.23.0 (including) |
| Mediawiki | Mediawiki | 1.23.1 (including) | 1.23.1 (including) |
| Mediawiki | Mediawiki | 1.23.2 (including) | 1.23.2 (including) |
| Mediawiki | Mediawiki | 1.23.3 (including) | 1.23.3 (including) |
| Mediawiki | Mediawiki | 1.23.4 (including) | 1.23.4 (including) |
| Mediawiki | Mediawiki | 1.23.5 (including) | 1.23.5 (including) |
| Mediawiki | Mediawiki | 1.23.6 (including) | 1.23.6 (including) |
| Mediawiki | Mediawiki | 1.23.7 (including) | 1.23.7 (including) |
| Mediawiki | Mediawiki | 1.23.8 (including) | 1.23.8 (including) |
| Mediawiki | Mediawiki | 1.24.0 (including) | 1.24.0 (including) |
| Mediawiki | Mediawiki | 1.24.1 (including) | 1.24.1 (including) |
| Mediawiki | Ubuntu | artful | * |
| Mediawiki | Ubuntu | lucid | * |
| Mediawiki | Ubuntu | precise | * |
| Mediawiki | Ubuntu | trusty | * |
| Mediawiki | Ubuntu | upstream | * |
| Mediawiki | Ubuntu | utopic | * |
| Mediawiki | Ubuntu | vivid | * |
| Mediawiki | Ubuntu | wily | * |
| Mediawiki | Ubuntu | yakkety | * |
| Mediawiki | Ubuntu | zesty | * |