
10 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-0043

Malware in sbrugna...

CVSS 10 | AI score 8.6 | EPSS 0.03547
Exploits: 1 | References: 7

Tenable Nessus
added 2024/06/03 12:0 a.m., 26 views

RHEL 6 : python-pillow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pillow, python-imaging: command injection issue CVE-2014-3007 - python-pillow: Missing check for...

CVSS 7.8 | AI score 7.7 | EPSS 0.03547
Exploits: 2 | References: 9

OSV
added 2022/05/17 4:45 a.m., 28 views

GHSA-8M9X-PXWQ-J236 Pillow command injection

Python Image Library PIL 1.1.7 and earlier and Pillow before 2.5.0 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py...

CVSS 9.8 | AI score 8.9 | EPSS 0.03547
Exploits: 1 | References: 5

Veracode
added 2022/03/14 6:42 a.m., 7 views

Denial Of Service (DoS)

pillow is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to an infinite loop in the 'load_read' function in the JpegImagePlugin.py file. A malicious user can crash the system by sending multiple truncated files to the server...

AI score 2.5
Exploits: 0

OSV
added 2022/03/11 11:39 p.m., 20 views

GHSA-4FX9-VC88-Q2XC Infinite loop in Pillow

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder. If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file...

AI score 7
Exploits: 0 | References: 3

Github Security Blog
added 2022/03/11 11:39 p.m., 24 views

Infinite loop in Pillow

JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder. If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file...

AI score 1.1
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2014/04/27 8:55 p.m., 6 views

CVE-2014-3007

Python Image Library PIL 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py...

CVSS 4.4 | AI score 7.3 | EPSS 0.00098
Exploits: 1 | References: 2

Cvelist
added 2014/04/27 8:0 p.m., 30 views

CVE-2014-3007

Python Image Library PIL 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py...

AI score 8 | EPSS 0.03547
Exploits: 0 | References: 2

OSV
added 2014/04/17 2:55 p.m., 6 views

CVE-2014-1933

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes...

AI score 6
Exploits: 0 | References: 8

UbuntuCve
added 2014/02/21 12:0 a.m., 31 views

CVE-2014-1932

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library PIL 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users...

CVSS 4.4 | AI score 7.2 | EPSS 0.00098
Exploits: 1 | References: 2