CVE-2014-1933
N/A
N/A
Summary
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201612-52
- http://www.openwall.com/lists/oss-security/2014/02/10/15
- https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
- http://www.openwall.com/lists/oss-security/2014/02/11/1
- http://www.ubuntu.com/usn/USN-2168-1
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
- http://www.securityfocus.com/bid/65513
References
- https://security.gentoo.org/glsa/201612-52
- http://www.openwall.com/lists/oss-security/2014/02/10/15
- https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
- http://www.openwall.com/lists/oss-security/2014/02/11/1
- http://www.ubuntu.com/usn/USN-2168-1
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
- http://www.securityfocus.com/bid/65513
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.