CVE-2014-3007

Published: 27/04/2014 Updated: 28/04/2014
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

Vulnerable Product

python pillow 2.3.0

pythonware python imaging library

Vendor Advisories

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain ...
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py ...