Vulnerability in Python Pillow
CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct sy…
EPSS: 0.001 (29.1th percentile)
Affected products
- Python Pillow
- Pythonware Python_imaging_library
Weakness classification (CWE)
References
- GLSA-201612-52 (vendor-advisory, x_refsource_GENTOO)
- [oss-security] 20140210 CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- [oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp (mailing-list, x_refsource_MLIST)
- USN-2168-1 (x_refsource_UBUNTU, vendor-advisory)
- openSUSE-SU-2014:0591 (vendor-advisory, x_refsource_SUSE)
- 65513 (vdb-entry, x_refsource_BID)