CVE-2014-1932 — Link Following in Pillow

CWE-59 — Link Following CWE-377 — Insecure Temporary File CWE-78 — OS Command Injection21 documents8 sources

Severity

10.0CRITICALNVD

NVD4.4CNA4.4GHSA4.4OSV4.4

EPSS

0.1%

top 73.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Pillow Pythonware Python Imaging Library

Timeline

PublishedApr 17

Latest updateMay 17

Description

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages4 packages

▶PyPIpython/pillow< 2.5.0+1

▶Debianpython/pillow< 2.4.0-1+3

▶NVDpython/pillow2.3.0+1

▶NVDpythonware/python_imaging_library1.1.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Pillow command injection↗2022-05-17

▶

OSV

PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles↗2022-05-17

▶

GHSA

PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles↗2022-05-17

▶

GHSA

Pillow command injection↗2022-05-17

▶

OSV

CVE-2014-3007: Python Image Library (PIL) 1↗2014-04-27

▶

📋Vendor Advisories

Ubuntu

Python Imaging Library vulnerabilities↗2014-04-15

▶

Red Hat

python-imaging: insecure temporary file creation↗2014-01-29

▶

Red Hat

python-imaging: command injection issue↗2014-01-29

▶

Debian

CVE-2014-3007: pillow - Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote a...↗2014

▶

Debian

CVE-2014-1932: pillow - The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in E...↗2014

▶

💬Community

Bugzilla

CVE-2014-3007 python-pillow: python-pillow, python-imaging: command injection issue [fedora-all]↗2014-11-12

▶

Bugzilla

CVE-2014-3007 python-pillow, python-imaging: command injection issue↗2014-05-05

▶

Bugzilla

CVE-2014-1933 CVE-2014-1932 python-pillow: various flaws [fedora-all]↗2014-04-22

▶

Bugzilla

CVE-2014-1932 python26-imaging: python-imaging: insecure temporary file creation [epel-5]↗2014-02-11

▶

Bugzilla

CVE-2014-1932 python-pillow, python-imaging: insecure temporary file creation↗2014-02-11

▶