Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-1933

Good to know:

icon
icon

Date: April 17, 2014

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

Language: Python

Severity Score

Related Resources (13)

https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
https://access.redhat.com/security/cve/CVE-2014-1933
https://nvd.nist.gov/vuln/detail/CVE-2014-1933
http://www.openwall.com/lists/oss-security/2014/02/10/15
https://github.com/advisories/GHSA-r854-96gq-rfg3
http://www.ubuntu.com/usn/USN-2168-1
http://www.securityfocus.com/bid/65513
http://www.openwall.com/lists/oss-security/2014/02/11/1
https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
https://github.com/python-imaging/Pillow
https://security.gentoo.org/glsa/201612-52
https://www.mend.io/vulnerability-database/CVE-2014-1933

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

icon

Upgrade Version

Upgrade to version 2.3.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us