CVE-2014-1933

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
cpe:2.3:a:pythonware:python_imaging_library:*:*:*:*:*:*:*:*

Information

Published : 2014-04-17 07:55

Updated : 2017-06-30 18:29


NVD link : CVE-2014-1933

Mitre link : CVE-2014-1933


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

pythonware

  • python_imaging_library

python

  • pillow