Your submission was sent successfully! Close

CVE-2014-1932

Published: 21 February 2014

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.

Priority

Medium

Status

Package Release Status
pillow
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

upstream Needed

python-imaging
Launchpad, Ubuntu, Debian
lucid
Released (1.1.7-1ubuntu0.2)
precise
Released (1.1.7-4ubuntu0.12.04.1)
quantal
Released (1.1.7-4ubuntu0.12.10.1)
saucy
Released (1.1.7+2.0.0-1ubuntu1.1)
upstream Needed

Notes

AuthorNote
seth-arnold
Normally mktemp() mistakes are classed as 'low' because Ubuntu has
hardlink and symlink protections in the kernel. However, one of the discovered
flaws is almost certainly also a shell metacharacter injection problem.

References

Bugs