PT-2014-4372 · Python+1 · Pillow+2
Wiredfool
Published 2014-04-03 · Updated 2020-05-18
CVE-2014-1933
CVSS v4.0: 5.1 (Medium)
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Pillow versions prior to 2.3.1
Python Image Library (PIL) versions 1.1.7 and earlier
Description
The JpegImagePlugin.py and EpsImagePlugin.py scripts use the names of temporary files on the command line. A local user who lists the running processes can see those names, which makes it easier to conduct symlink attacks.
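A sketch of the safer pattern for calling an external converter, added here as an example; it is not Pillow's code or its actual patch. The helper command is a constructed Python one-liner standing in for a real converter, and all function names are hypothetical.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for an external converter: upper-cases stdin to stdout.
# Note that its argv carries no file name at all.
HELPER = [sys.executable, "-c",
          "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read().upper())"]


def convert_via_pipes(data: bytes) -> bytes:
    """Feed input and collect output over pipes, so a process listing
    exposes no temporary file name that another user could pre-create."""
    result = subprocess.run(HELPER, input=data, stdout=subprocess.PIPE,
                            check=True)
    return result.stdout


def convert_via_private_file(data: bytes) -> bytes:
    """When the output must land in a file: create it exclusively inside a
    fresh 0700 directory and hand the helper a descriptor, not a name."""
    with tempfile.TemporaryDirectory() as workdir:  # mkdtemp, owner-only
        out_path = os.path.join(workdir, "out")
        # O_CREAT | O_EXCL fails if the name already exists, symlinks included.
        fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as out:
            subprocess.run(HELPER, input=data, stdout=out, check=True)
        with open(out_path, "rb") as f:
            return f.read()


def refuses_planted_symlink() -> bool:
    """Self-check: exclusive creation must not follow a pre-existing symlink."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "victim")
        link = os.path.join(workdir, "out")
        os.symlink(target, link)  # constructed: name is already taken
        try:
            os.close(os.open(link, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
        except FileExistsError:
            return not os.path.exists(target)  # target was never written
        return False
```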
Recommendations
For Pillow versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.
For Python Image Library (PIL) versions 1.1.7 and earlier, consider upgrading to Pillow, as PIL is no longer maintained, and then update to version 2.3.1 or later.
Exploit
Fix
Information Disclosure
Related identifiers
Affected products
Pillow
Python Image Library
Suse