Metric | Value |
---|---|
CVSS2 score | 4.4 Medium |
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.001 Low |
EPSS Percentile | 38.1% |

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python
Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the
names of temporary files on the command line, which makes it easier for
local users to conduct symlink attacks by listing the processes.
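
The pattern the description refers to, next to a hardened form, as an added Python example (a generic illustration, not PIL or Pillow source and not the patch referenced below). `TOOL`, `convert_weak` and `convert_hardened` are hypothetical names, and the sample bytes are constructed.

```python
import os
import shutil
import stat
import subprocess
import sys
import tempfile

# Hypothetical stand-in for an external converter: copies argv[1] (if given)
# or stdin to stdout. Not a tool named on the page.
TOOL = [sys.executable, "-c",
        "import sys; s = open(sys.argv[1], 'rb') if len(sys.argv) > 1 "
        "else sys.stdin.buffer; sys.stdout.buffer.write(s.read())"]


def convert_weak(data):
    """Pattern to avoid: shared-directory temp name passed on the command line."""
    path = tempfile.mktemp()        # only picks a name; nothing is created yet
    with open(path, "wb") as fh:    # plain open() follows a pre-planted symlink
        fh.write(data)
    argv = TOOL + [path]            # visible to every local user in `ps` output
    try:
        out = subprocess.run(argv, stdout=subprocess.PIPE, check=True).stdout
    finally:
        os.unlink(path)
    return out, argv


def convert_hardened(data):
    """Private 0700 directory, O_EXCL creation, and no file name in argv."""
    workdir = tempfile.mkdtemp()    # owner-only directory: others cannot plant links
    try:
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        fd, path = tempfile.mkstemp(dir=workdir)   # O_CREAT | O_EXCL, mode 0600
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        argv = list(TOOL)           # the tool gets an open descriptor, not a name
        with open(path, "rb") as src:
            out = subprocess.run(argv, stdin=src, stdout=subprocess.PIPE,
                                 check=True).stdout
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return out, argv, mode


if __name__ == "__main__":
    sample = b"constructed sample bytes"
    print(convert_weak(sample)[1][-1])      # temp path that leaked into argv
    print(convert_hardened(sample)[1:])     # argv without a path, directory mode
```
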
Author | Note |
---|---|
seth-arnold | See also CVE-2014-1932 |
mdeslaur | same patch as CVE-2014-1932 |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | python-imaging | < 1.1.7-1ubuntu0.2 | UNKNOWN |
ubuntu | 12.04 | noarch | python-imaging | < 1.1.7-4ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | python-imaging | < 1.1.7-4ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | python-imaging | < 1.1.7+2.0.0-1ubuntu1.1 | UNKNOWN |