CVE-2014-1932
Published: 21 February 2014
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
Notes
| Author | Note |
|---|---|
| seth-arnold | Normally mktemp() mistakes are classed as 'low' because Ubuntu has hardlink and symlink protections in the kernel. However, one of the discovered flaws is almost certainly also a shell metacharacter injection problem. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
pillow Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Needed
|
|
| This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. | ||
|
python-imaging Launchpad, Ubuntu, Debian |
lucid |
Released
(1.1.7-1ubuntu0.2)
|
| precise |
Released
(1.1.7-4ubuntu0.12.04.1)
|
|
| quantal |
Released
(1.1.7-4ubuntu0.12.10.1)
|
|
| saucy |
Released
(1.1.7+2.0.0-1ubuntu1.1)
|
|
| upstream |
Needed
|
|
|
Patches: upstream: https://github.com/wiredfool/Pillow/commit/a549e77bd8219a75ac745dcecc09cb963b4032a6 upstream: https://github.com/wiredfool/Pillow/commit/1e331e3e6a40141ca8eee4f5da9f74e895423b66 |
||