Lucene search

K

[email protected]NVD:CVE-2014-1933

HistoryApr 17, 2014 - 2:55 p.m.

CVE-2014-1933

2014-04-1714:55:11

CWE-264

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

Affected configurations

NVD

Node

pythonpillowRange≤2.3.0

OR

pythonwarepython_imaging_libraryRange≤1.1.7

References

lists.opensuse.org/opensuse-updates/2014-05/msg00002.html

www.openwall.com/lists/oss-security/2014/02/10/15

www.openwall.com/lists/oss-security/2014/02/11/1

www.securityfocus.com/bid/65513

www.ubuntu.com/usn/USN-2168-1

github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7

security.gentoo.org/glsa/201612-52

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2014-1933

nessus20 openvas18 debiancve1 cve1 github1 osv2 fedora6 prion1 cvelist1 ubuntu1 mageia2 securityvulns4 ubuntucve2 amazon1 gentoo1