Pillow command injection

GHSA-8m9x-pxwq-j236 · CVE-2014-3007 · PYSEC-2014-87

Published May 17, 2022 · Modified Oct 9, 2024

Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.5.0 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3007
WEB https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
WEB https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
PACKAGE https://github.com/python-pillow/Pillow
WEB http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes