CVE ID: CVE-2014-1932
Description: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
Test IDs: 1.3.6.1.4.1.25623.1.1.4.2014.0705.1
Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2014-1932
BugTraq ID: 65511
http://www.securityfocus.com/bid/65511
https://security.gentoo.org/glsa/201612-52
http://www.openwall.com/lists/oss-security/2014/02/11/1
SuSE Security Announcement: openSUSE-SU-2014:0591
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
http://www.ubuntu.com/usn/USN-2168-1