Pygments vulnerability

2016-01-0700:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

Releases

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

pygments - syntax highlighting package written in Python

Details

It was discovered that Pygments incorrectly sanitized strings used to
search system fonts. An attacker could possibly use this issue to execute
arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu15.10noarchpython-pygments< 2.0.1+dfsg-1.1svn1.1UNKNOWN
Ubuntu15.10noarchpython-pygments-doc< 2.0.1+dfsg-1.1svn1.1UNKNOWN
Ubuntu15.10noarchpython3-pygments< 2.0.1+dfsg-1.1svn1.1UNKNOWN
Ubuntu15.04noarchpython-pygments< 2.0.1+dfsg-1svn1.1UNKNOWN
Ubuntu15.04noarchpython-pygments-doc< 2.0.1+dfsg-1svn1.1UNKNOWN
Ubuntu15.04noarchpython3-pygments< 2.0.1+dfsg-1svn1.1UNKNOWN
Ubuntu14.04noarchpython-pygments< 1.6+dfsg-1ubuntu1.1UNKNOWN
Ubuntu14.04noarchpython3-pygments< 1.6+dfsg-1ubuntu1.1UNKNOWN
Ubuntu12.04noarchpython-pygments< 1.4+dfsg-2ubuntu0.1UNKNOWN
Ubuntu12.04noarchpython3-pygments< 1.4+dfsg-2ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	15.10	noarch	python-pygments	< 2.0.1+dfsg-1.1svn1.1	UNKNOWN
Ubuntu	15.10	noarch	python-pygments-doc	< 2.0.1+dfsg-1.1svn1.1	UNKNOWN
Ubuntu	15.10	noarch	python3-pygments	< 2.0.1+dfsg-1.1svn1.1	UNKNOWN
Ubuntu	15.04	noarch	python-pygments	< 2.0.1+dfsg-1svn1.1	UNKNOWN
Ubuntu	15.04	noarch	python-pygments-doc	< 2.0.1+dfsg-1svn1.1	UNKNOWN
Ubuntu	15.04	noarch	python3-pygments	< 2.0.1+dfsg-1svn1.1	UNKNOWN
Ubuntu	14.04	noarch	python-pygments	< 1.6+dfsg-1ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	python3-pygments	< 1.6+dfsg-1ubuntu1.1	UNKNOWN
Ubuntu	12.04	noarch	python-pygments	< 1.4+dfsg-2ubuntu0.1	UNKNOWN
Ubuntu	12.04	noarch	python3-pygments	< 1.4+dfsg-2ubuntu0.1	UNKNOWN