CVE-2015-8005

Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.

How to fix CVE-2015-8005

To remediate CVE-2015-8005, upgrade the affected package to a fixed version below.

• Debian/mediawiki—upgrade to 1:1.25.5-1 or later

Is CVE-2015-8005 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.25.5-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-8005