Python Pillow vulnerabilities
62 known vulnerabilities affecting python/pillow.
Total CVEs: 62
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 11, HIGH 27, MEDIUM 23, LOW 1
Vulnerabilities
Page 4 of 4
CVE-2014-1932 | P4 | MEDIUM | CVSS 4.4 | ≤ 2.3.0 | 2014-04-17
CVE-2014-1932 [MEDIUM] CWE-59
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sens
ghsa | nvd | osv
CVE-2014-1933 | P4 | LOW | CVSS 2.1 | ≤ 2.3.0 | 2014-04-17
CVE-2014-1933 [LOW] CWE-264
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
ghsa | nvd | osv