Pygments Arbitrary Command Execution Vulnerability
Pygments is a set of syntax highlighting tools that can be used in forums, wikis and other web applications with command line tools and development packages. A security vulnerability in the 'FontManager._get_nix_font_path' function in Pygments' formatters/img.py file allows remote attackers to execut...
Debian DSA-3445-1 : pygments - security update
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name...
[SECURITY] [DSA 3445-1] pygments security update
Debian Security Advisory DSA-3445-1, Salvatore Bonaccorso, January 13, 2016. https://www.debian.org/security/ https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3445-1 (pygments - security update)
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name...
DSA-3445-1 pygments - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3445-1)
The remote host is missing an update for the Debian ...
FreeBSD : pygments -- shell injection vulnerability (5f276780-b6ce-11e5-9731-5453ed2e2b49)
NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
DEBIAN-CVE-2015-8557
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
CVE-2015-8557
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
Design/Logic Flaw
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
catsup (>=0.3.8 <=0.3.11), coil (=1.2.1) +9 more potentially affected by CVE-2015-8557 via pygments (>=1.6.0 <=2.0.2)
pygments PYPI version =1.6.0, =0.3.8, =0.0.1, =1.9.5, =3.0.0, =2.3.1, =3.2.0, =1.0.0, =1.0.0, =3.0.1 Source cves: CVE-2015-8557 Source advisory: OSV:PYSEC-2016-32...
PYSEC-2016-32
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
CVE-2015-8557
CVE-2015-8557 affects Pygments up to version 2.0.2. The vulnerability lies in FontManager._get_nix_font_path (formatters/img.py) where font names containing shell metacharacters can lead to arbitrary command execution. Several sources (GHSA advisory, GLSA, Debian security notes, CNVD/Chinese trac...
Ubuntu: Security Advisory (USN-2862-1)
The remote host is missing an update for the ...
Ubuntu 14.04 LTS : Pygments vulnerability (USN-2862-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2862-1 advisory. It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code...