PT-2014-5016 · Python · Pillow+1

Published: 2014-04-27 · Updated: 2022-05-17 · CVE-2014-3007

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Pillow versions prior to 2.5.0
Python Image Library (PIL) versions 1.1.7 and earlier

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors, possibly related to JpegImagePlugin.py.

Recommendations

For Pillow versions prior to 2.5.0, update to version 2.5.0 or later. For Python Image Library (PIL) versions 1.1.7 and earlier, consider migrating to Pillow version 2.5.0 or later as a mitigation measure.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2014-3007
GHSA-8M9X-PXWQ-J236
MGASA-2014-0476
PYSEC-2014-87
USN-2168-1

Affected Products

Pillow
Python Image Library