CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
94.2%
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the ‘crafted image file’ approach, related to an ‘Integer Overflow’ issue affecting the Image.core.map_buffer in map.c component.(CVE-2016-9189)
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.(CVE-2016-2533)
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.(CVE-2016-0775)
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.(CVE-2016-0740)
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.(CVE-2016-4009)
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.(CVE-2014-3589)
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.(CVE-2014-3007)
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.(CVE-2014-1933)
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.(CVE-2014-1932)
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.(CVE-2019-16865)
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.(CVE-2020-5313)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135635);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");
script_cve_id(
"CVE-2014-1932",
"CVE-2014-1933",
"CVE-2014-3007",
"CVE-2014-3589",
"CVE-2016-0740",
"CVE-2016-0775",
"CVE-2016-2533",
"CVE-2016-4009",
"CVE-2016-9189",
"CVE-2019-16865",
"CVE-2020-5313"
);
script_bugtraq_id(
65511,
65513,
67150,
69352
);
script_name(english:"EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the python-pillow package installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- Pillow before 3.3.2 allows context-dependent attackers
to obtain sensitive information by using the 'crafted
image file' approach, related to an 'Integer Overflow'
issue affecting the Image.core.map_buffer in map.c
component.(CVE-2016-9189)
- Buffer overflow in the ImagingPcdDecode function in
PcdDecode.c in Pillow before 3.1.1 and Python Imaging
Library (PIL) 1.1.7 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted
PhotoCD file.(CVE-2016-2533)
- Buffer overflow in the ImagingFliDecode function in
libImaging/FliDecode.c in Pillow before 3.1.1 allows
remote attackers to cause a denial of service (crash)
via a crafted FLI file.(CVE-2016-0775)
- Buffer overflow in the ImagingLibTiffDecode function in
libImaging/TiffDecode.c in Pillow before 3.1.1 allows
remote attackers to overwrite memory via a crafted TIFF
file.(CVE-2016-0740)
- Integer overflow in the ImagingResampleHorizontal
function in libImaging/Resample.c in Pillow before
3.1.1 allows remote attackers to have unspecified
impact via negative values of the new size, which
triggers a heap-based buffer overflow.(CVE-2016-4009)
- PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)
and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows
remote attackers to cause a denial of service via a
crafted block size.(CVE-2014-3589)
- Python Image Library (PIL) 1.1.7 and earlier and Pillow
2.3 might allow remote attackers to execute arbitrary
commands via shell metacharacters in unspecified
vectors related to CVE-2014-1932, possibly
JpegImagePlugin.py.(CVE-2014-3007)
- The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py
scripts in Python Image Library (PIL) 1.1.7 and earlier
and Pillow before 2.3.1 uses the names of temporary
files on the command line, which makes it easier for
local users to conduct symlink attacks by listing the
processes.(CVE-2014-1933)
- The (1) load_djpeg function in JpegImagePlugin.py, (2)
Ghostscript function in EpsImagePlugin.py, (3) load
function in IptcImagePlugin.py, and (4) _copy function
in Image.py in Python Image Library (PIL) 1.1.7 and
earlier and Pillow before 2.3.1 do not properly create
temporary files, which allow local users to overwrite
arbitrary files and obtain sensitive information via a
symlink attack on the temporary file.(CVE-2014-1932)
- An issue was discovered in Pillow before 6.2.0. When
reading specially crafted invalid image files, the
library can either allocate very large amounts of
memory or take an extremely long period of time to
process the image.(CVE-2019-16865)
- libImaging/FliDecode.c in Pillow before 6.2.2 has an
FLI buffer overflow.(CVE-2020-5313)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1473
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e06f39ab");
script_set_attribute(attribute:"solution", value:
"Update the affected python-pillow packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:ND");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4009");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-pillow");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["python-pillow-2.0.0-19.h5.gitd1c6db8.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-pillow");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
www.nessus.org/u?e06f39ab
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
94.2%