Description
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
References (2)
Core 2
Core References
Issue Tracking x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
Various Sources x_refsource_misc
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
Scores
EPSS
0.0364
EPSS Percentile
88.0%
Details
CWE
CWE-78
Status
published
Products (3)
pypi/pillow
0 - 2.5.0PyPI
python/pillow
2.3.0
pythonware/python_imaging_library
< 1.1.7
Published
Apr 27, 2014
Tracked Since
Feb 18, 2026