← volver
CVE-2014-1933

CVE-2014-1933

EPSS 0.4%
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.htmlhttps://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7https://security.gentoo.org/glsa/201612-52http://www.openwall.com/lists/oss-security/2014/02/10/15http://www.openwall.com/lists/oss-security/2014/02/11/1http://www.securityfocus.com/bid/65513http://www.ubuntu.com/usn/USN-2168-1