Lucene search
K

4 matches found

CVE
CVE
added 2014/04/17 2:0 p.m.120 views

CVE-2014-1932

CVE-2014-1932 affects Python Imaging Library (PIL) 1.1.7 and earlier and Pillow prior to 2.3.1. The vulnerability is caused by improper creation of temporary files in PIL components (DJPEG in JpegImagePlugin.py, Ghostscript in EpsImagePlugin.py, load in IptcImagePlugin.py, and _copy in Image.py),...

4.4CVSS7.1AI score0.00492EPSS
CVE
CVE
added 2014/08/25 2:0 p.m.99 views

CVE-2014-3589

CVE-2014-3589 affects PIL/Pillow’s IcnsImagePlugin.py: Pillow and PIL before 2.3.2 and 2.5.x before 2.5.2 are vulnerable to a denial-of-service via a crafted block size. The root cause is an issue in image handling that allows remote attackers to trigger resource exhaustion. Affected products inc...

5CVSS6.4AI score0.03587EPSS
CVE
CVE
added 2014/04/17 2:0 p.m.95 views

CVE-2014-1933

CVE-2014-1933 and related flaws affect Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1, where temporary-file handling and command-line file-name usage enable local and symlink-based attacks (e.g., load_djpeg, EpsImagePlugin.py, IptcImagePlugin.py, Image.py). Root causes inc...

2.1CVSS7.3AI score0.00448EPSS
CVE
CVE
added 2014/04/27 8:0 p.m.79 views

CVE-2014-3007

The CVE-2014-3007 entry concerns Python Imaging Library (PIL) 1.1.7 and earlier and Pillow 2.3, where command injection could occur via shell metacharacters. Description states vulnerable components include PIL/Pillow-related code and mentions CVE-2014-1932 with possible involvement of JpegImageP...

10CVSS7.8AI score0.11959EPSS