CVE-2014-3007
published 2014-04-27
critical, 10 (CVSS 3.1)
AV:N/AC:L/Au:N/C:C/I:C/A:C
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | < pillow 2.4.0-1 (bookworm) | pillow 2.4.0-1 (bookworm) |
| python | pillow | — | — |
| python | pillow | >= 0 < 2.4.0-1 | 2.4.0-1 |
| python | pillow | >= 0 < 2.4.0-1 | 2.4.0-1 |
| python | pillow | >= 0 < 2.4.0-1 | 2.4.0-1 |
| python | pillow | >= 0 < 2.4.0-1 | 2.4.0-1 |
| python | pillow | >= 0 < 2.5.0 | 2.5.0 |
| pythonware | python_imaging_library | <= 1.1.7 | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| ghsa | 4.4 | MEDIUM | — |
| osv | 4.4 | MEDIUM | — |