2 matches found
CVE-2014-1932
CVE-2014-1932 affects Python Imaging Library (PIL) 1.1.7 and earlier and Pillow prior to 2.3.1. The vulnerability is caused by improper creation of temporary files in PIL components (DJPEG in JpegImagePlugin.py, Ghostscript in EpsImagePlugin.py, load in IptcImagePlugin.py, and _copy in Image.py),...
CVE-2026-55798
Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...