CVE-2014-1932
Pillow < 2.3.1 - Arbitrary File Write via Symlink Attack on Temporary Files
Title source: llmDescription
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
References (7)
Core 7
Core References
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-52
Exploit, Patch x_refsource_confirm
https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/11/1
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2168-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65511
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
Scores
EPSS
0.0010
EPSS Percentile
26.7%
Details
CWE
CWE-59
Status
published
Products (3)
pypi/pillow
0 - 2.3.1PyPI
python/pillow
< 2.3.0
pythonware/python_imaging_library
< 1.1.7
Published
Apr 17, 2014
Tracked Since
Feb 18, 2026