
CVE-2015-8557

Published: 08/01/2016 Updated: 01/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.2
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 up to and including 2.0.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in a font name.

Vulnerable Product

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 15.04

pygments pygments 1.4

pygments pygments 1.5

pygments pygments 1.6

pygments pygments 2.0.1

pygments pygments 1.3.1

pygments pygments 1.3

pygments pygments 2.0

pygments pygments 1.2.2

Vendor Advisories

Debian Bug report logs - #802828 python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path. Package: python-pygments; Maintainer for python-pygments is Piotr Ożarowski <piotr@debian.org>; Source for python-pygments is src:pygments. Reported by: Jakub Wilk <jwilk@debian.org> ...
Pygments could be made to crash or run programs if it processed a specially crafted font request ...
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. For the oldstable distribution (wheezy), this problem has been fixed in version 1.5+dfsg-1+deb7u1. For the stable distribution (jessie), this probl ...
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which is invoked by ImageFormatter from options ...
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name ...
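
The string concatenation described in the advisory excerpts above, next to an argument-list form that never reaches a shell, as an added example that is not Pygments' own code. The `echo` stand-in for the font lookup tool, the function names, the allowlist pattern and the crafted input are all assumptions constructed for illustration.

```python
import re
import subprocess

# Assumption: `echo` stands in for the font lookup tool so the demo runs
# offline; it simply prints back the arguments it receives.
TOOL = "echo"


def lookup_concat(name, style="Regular"):
    """Pattern from the advisory: the font name is pasted into a shell string."""
    cmd = '%s "%s:style=%s" file' % (TOOL, name, style)
    # shell=True hands the whole string to /bin/sh, which re-parses the
    # quotes and separators contained in `name`.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(name, style="Regular"):
    """Hardened form: no shell, the pattern is exactly one argv element."""
    argv = [TOOL, "%s:style=%s" % (name, style), "file"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Defence in depth: allowlist for font family names taken from user options.
# The character set and length limit are an assumed policy, not a Pygments rule.
FONT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}")


def is_valid_font_name(name):
    return FONT_NAME_RE.fullmatch(name) is not None


# Constructed input: closes the double quote, then adds a harmless marker
# command so the effect is visible in the captured output.
CRAFTED = 'x"; echo SECOND-COMMAND-RAN; echo "'

if __name__ == "__main__":
    for label, fn in (("concat", lookup_concat), ("argv", lookup_argv)):
        print(label, repr(fn(CRAFTED)))
    print("allowlist accepts crafted name:", is_valid_font_name(CRAFTED))
```

In the concatenated form the marker appears on its own output line because the shell ran it as a separate command; in the argument-list form the whole crafted string comes back as one literal argument.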