Description
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
References (9)
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2862-1
Exploit, Third Party Advisory (x_refsource_misc): http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/12/14/6
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/12/14/17
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Oct/4
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2016/dsa-3445
Vendor Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/201612-05
Vendor Advisory (x_refsource_misc, upstream fix pull request): https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
Scores
CVSS v3 base score: 9.0
CVSS v3 vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0666
EPSS Percentile: 93.1%
Details
CWE: CWE-78
Status: published
Products (13)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
pygments/pygments 1.2.2
pygments/pygments 1.3
pygments/pygments 1.3.1
pygments/pygments 1.4
pygments/pygments 1.5
pygments/pygments 1.6 (2 CPE variants)
... and 3 more
Published: Jan 08, 2016
Tracked Since: Feb 18, 2026