ubuntucve, Ubuntu.com, UB:CVE-2014-1932
History: Feb 21, 2014 - 12:00 a.m.

CVE-2014-1932


CVSS2: 4.4 Medium (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.001 Low (Percentile: 38.1%)

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function
in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4)
_copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier
and Pillow before 2.3.1 do not properly create temporary files, which allows
local users to overwrite arbitrary files and obtain sensitive information
via a symlink attack on the temporary file.
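
Added example (not code from PIL, Pillow or this advisory): the predictable-name temporary file pattern described above, next to two hardened forms, run against a constructed symlink inside a private scratch directory. All function names, file names and file contents are assumptions made for the illustration.

```python
import os
import tempfile

def write_predictable(path, data):
    # Pattern behind this bug class: the name is chosen first and opened later.
    # A plain open() follows whatever symlink already sits at that name.
    with open(path, "wb") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT | O_EXCL fails with EEXIST if anything, symlinks included,
    # already exists at the path, so an existing link is never followed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def write_mkstemp(directory, data):
    # mkstemp() picks an unpredictable name and creates it atomically (0600).
    fd, path = tempfile.mkstemp(dir=directory, suffix=".jpg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    # Constructed scenario, confined to a private scratch directory.
    out = {"exclusive_refused": False}
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.txt")    # hypothetical target
        guessed = os.path.join(scratch, "tmp1234.jpg")  # hypothetical temp name
        write_predictable(victim, b"original")
        os.symlink(victim, guessed)  # link exists before the writer runs
        write_predictable(guessed, b"image bytes")
        with open(victim, "rb") as fh:
            out["predictable_clobbered_victim"] = fh.read() == b"image bytes"
        write_predictable(victim, b"original")  # reset the target
        try:
            write_exclusive(guessed, b"image bytes")
        except FileExistsError:
            out["exclusive_refused"] = True
        with open(victim, "rb") as fh:
            out["victim_intact_after_exclusive"] = fh.read() == b"original"
        safe = write_mkstemp(scratch, b"image bytes")
        out["mkstemp_private"] = (os.stat(safe).st_mode & 0o077) == 0
        out["mkstemp_is_symlink"] = os.path.islink(safe)
    return out

if __name__ == "__main__":
    print(demo())
```
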

Bugs

Notes

Author: seth-arnold
Note: Normally mktemp() mistakes are classed as ‘low’ because Ubuntu has hardlink and symlink protections in the kernel. However, one of the discovered flaws is almost certainly also a shell metacharacter injection problem.

OS      Version  Architecture  Package         Version                     Filename
ubuntu  10.04    noarch        python-imaging  < 1.1.7-1ubuntu0.2          UNKNOWN
ubuntu  12.04    noarch        python-imaging  < 1.1.7-4ubuntu0.12.04.1    UNKNOWN
ubuntu  12.10    noarch        python-imaging  < 1.1.7-4ubuntu0.12.10.1    UNKNOWN
ubuntu  13.10    noarch        python-imaging  < 1.1.7+2.0.0-1ubuntu1.1    UNKNOWN
