The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Vulnerable Product |
---|
python pillow |
pythonware python imaging library |
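
The exposure described above, as an added example (not PIL or Pillow code): on Linux a child process's argv, temporary file name included, is readable by other local users through `/proc`, while data handed over a pipe never appears there. The helper command, function names and sample bytes are constructed for illustration, and the stdin hand-off is one general mitigation, not necessarily the change Pillow shipped.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in for an external converter: announces readiness, then blocks on stdin.
CHILD = "import sys; print('ready', flush=True); sys.stdin.buffer.read()"


def visible_argv(pid):
    """Return a process's argv as any local user can read it (Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]


def run_helper(data, path_on_cmdline):
    """Start the helper; return (temp path or None, argv seen by observers)."""
    path = None
    argv = [sys.executable, "-c", CHILD]
    if path_on_cmdline:
        # Pattern from the advisory: the temp file name becomes an argument.
        fd, path = tempfile.mkstemp(suffix=".jpg")
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        argv.append(path)
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    try:
        proc.stdout.readline()          # wait until the child is running
        seen = visible_argv(proc.pid)   # what a process listing would show
        if not path_on_cmdline:
            proc.stdin.write(data)      # data travels over the pipe instead
    finally:
        proc.stdin.close()
        proc.wait()
        proc.stdout.close()
        if path:
            os.unlink(path)
    return path, seen


if __name__ == "__main__":
    sample = b"constructed image bytes"  # constructed sample input
    path, seen = run_helper(sample, path_on_cmdline=True)
    print("file name on command line:", path in seen)
    path, seen = run_helper(sample, path_on_cmdline=False)
    print("argv with stdin hand-off:", seen)
```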