Lucene search
PRIOn knowledge basePRION:CVE-2014-1933HistoryApr 17, 2014 - 2:55 p.m.
Command injection
2014-04-1714:55:00
PRIOn knowledge base
www.prio-n.com
6
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pillow | le | 2.3.0 | |
| python_imaging_library | le | 1.1.7 |
References
lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
www.openwall.com/lists/oss-security/2014/02/10/15
www.openwall.com/lists/oss-security/2014/02/11/1
www.securityfocus.com/bid/65513
www.ubuntu.com/usn/USN-2168-1
github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
security.gentoo.org/glsa/201612-52
Related
cve
cve
CVE-2014-1933
2014-04-17 14:55:11
github
github
Pillow Temporary file name leakage
2020-05-18 17:41:19
openvas
openvas
Fedora Update for python-pillow FEDORA-2014-5492
2014-05-05 00:00:00
Fedora Update for python-pillow FEDORA-2014-5487
2014-05-05 00:00:00
Fedora Update for python-pillow FEDORA-2014-5487
2014-05-05 00:00:00
nvd
nvd
CVE-2014-1933
2014-04-17 14:55:11
osv
osv
Pillow Temporary file name leakage
2020-05-18 17:41:19
PYSEC-2014-23
2014-04-17 14:55:00
fedora
fedora
[SECURITY] Fedora 20 Update: python-pillow-2.2.1-4.fc20
2014-05-01 07:03:34
[SECURITY] Fedora 19 Update: python-pillow-2.0.0-13.gitd1c6db8.fc19
2014-05-01 07:01:43
[SECURITY] Fedora 19 Update: python-pillow-2.0.0-14.gitd1c6db8.fc19
2014-08-27 01:29:32
nessus
nessus
Fedora 19 : python-pillow-2.0.0-13.gitd1c6db8.fc19 (2014-5487)
2014-05-02 00:00:00
Fedora 20 : python-pillow-2.2.1-4.fc20 (2014-5492)
2014-05-02 00:00:00
Mandriva Linux Security Advisory : python-imaging (MDVSA-2014:082)
2014-05-09 00:00:00
debiancve
debiancve
CVE-2014-1933
2014-04-17 14:55:11
cvelist
cvelist
CVE-2014-1933
2014-04-17 14:00:00
securityvulns
securityvulns
Python Imaging Library security vulnerabilities
2014-05-04 00:00:00
[USN-2168-1] Python Imaging Library vulnerabilities
2014-05-04 00:00:00
pillow multiple security vulnerabilities
2015-04-19 00:00:00
ubuntu
ubuntu
Python Imaging Library vulnerabilities
2014-04-15 00:00:00
mageia
mageia
Updated python-pillow packages fix insecure use of temporary files
2014-04-03 19:18:48
Updated python-imaging package fixes insecure use of temporary files
2014-04-03 19:18:48
ubuntucve
ubuntucve
CVE-2014-1933
2014-02-21 00:00:00
CVE-2014-3007
2014-04-27 00:00:00
amazon
amazon
Important: python-pillow
2023-09-27 22:49:00
gentoo
gentoo
Pillow: Multiple vulnerabilities
2016-12-31 00:00:00