2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
www.openwall.com/lists/oss-security/2014/02/10/15
www.openwall.com/lists/oss-security/2014/02/11/1
www.securityfocus.com/bid/65513
www.ubuntu.com/usn/USN-2168-1
github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
security.gentoo.org/glsa/201612-52