What is CVE-2014-1932?

CVE-2014-1932 is a vulnerability in Python Pillow, classified under Improper Link Resolution Before File Access. Published 2014-04-17.

Is CVE-2014-1932 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Python Pillow

CVE-2014-1932

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before…

EPSS: 0.001 (27.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_CONFIRM)
GLSA-201612-52 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp (mailing-list, x_refsource_MLIST)
USN-2168-1 (x_refsource_UBUNTU, vendor-advisory)
65511 (vdb-entry, x_refsource_BID)
openSUSE-SU-2014:0591 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-1932?: CVE-2014-1932 is a vulnerability in Python Pillow, classified under Improper Link Resolution Before File Access. Published 2014-04-17.
Is CVE-2014-1932 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.