CVE-2014-1933
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
Los scripts (1) JpegImagePlugin.py y (2) EpsImagePlugin.py en Python Image Library (PIL) 1.1.7 y anteriores y Pillow anterior a 2.3.1 utiliza los nombres de archivos temporales en la lĂnea de comando, lo que facilita a usuarios locales realizar ataques symlink mediante el listado de los procesos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-02-10 CVE Reserved
- 2014-04-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/02/10/15 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2014/02/11/1 | Mailing List |
|
| http://www.securityfocus.com/bid/65513 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html | 2017-07-01 | |
| http://www.ubuntu.com/usn/USN-2168-1 | 2017-07-01 | |
| https://security.gentoo.org/glsa/201612-52 | 2017-07-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Pillow Search vendor "Python" for product "Pillow" | <= 2.3.0 Search vendor "Python" for product "Pillow" and version " <= 2.3.0" | - |
Affected
| ||||||
| Pythonware Search vendor "Pythonware" | Python Imaging Library Search vendor "Pythonware" for product "Python Imaging Library" | <= 1.1.7 Search vendor "Pythonware" for product "Python Imaging Library" and version " <= 1.1.7" | - |
Affected
| ||||||