Lucene search
UbuntuUSN-2168-1HistoryApr 15, 2014 - 12:00 a.m.
Python Imaging Library vulnerabilities
2014-04-1500:00:00
ubuntu.com
32
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.1%
Releases
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- python-imaging - Python Imaging Library
Details
Jakub Wilk discovered that the Python Imaging Library incorrectly handled
temporary files. A local attacker could possibly use this issue to
overwrite arbitrary files, or gain access to temporary file contents.
(CVE-2014-1932, CVE-2014-1933)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | python-imaging | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-imaging-dbg | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-imaging-sane | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-imaging-sane-dbg | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-imaging-tk | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python-imaging-tk-dbg | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-imaging | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-imaging-dbg | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-imaging-sane | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | python3-imaging-sane-dbg | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-2168-1)
2014-04-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0158)
2022-01-28 00:00:00
Ubuntu Update for python-imaging USN-2168-1
2014-04-21 00:00:00
ubuntucve
ubuntucve
securityvulns
securityvulns
[USN-2168-1] Python Imaging Library vulnerabilities
2014-05-04 00:00:00
Python Imaging Library security vulnerabilities
2014-05-04 00:00:00
pillow multiple security vulnerabilities
2015-04-19 00:00:00
mageia
mageia
Updated python-imaging package fixes insecure use of temporary files
2014-04-03 19:18:48
Updated python-pillow packages fix insecure use of temporary files
2014-04-03 19:18:48
Updated python-imaging and python-pillow packages fix security vulnerability
2014-11-21 15:44:16
nessus
nessus
openSUSE Security Update : python-imaging (openSUSE-SU-2014:0591-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : python-imaging (MDVSA-2014:082)
2014-05-09 00:00:00
amazon
amazon
Important: python-pillow
2023-09-27 22:49:00
fedora
fedora
[SECURITY] Fedora 19 Update: python-pillow-2.0.0-16.gitd1c6db8.fc19
2014-11-22 12:40:12
[SECURITY] Fedora 20 Update: python-pillow-2.2.1-7.fc20
2014-11-22 12:39:31
[SECURITY] Fedora 20 Update: python-pillow-2.2.1-4.fc20
2014-05-01 07:03:34
cve
cve
github
github
Pillow Temporary file name leakage
2020-05-18 17:41:19
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
2022-05-17 02:39:13
Pillow command injection
2022-05-17 04:45:39
osv
osv
PYSEC-2014-22
2014-04-17 14:55:00
Pillow Temporary file name leakage
2020-05-18 17:41:19
PYSEC-2014-23
2014-04-17 14:55:00
prion
prion
Design/Logic Flaw
2014-04-17 14:55:00
Command injection
2014-04-17 14:55:00
Design/Logic Flaw
2014-04-27 20:55:00
debiancve
debiancve
nvd
nvd
cvelist
cvelist
gentoo
gentoo
Pillow: Multiple vulnerabilities
2016-12-31 00:00:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.1%
Related for USN-2168-1