CVE-2014-3007 pillow

Package

Manager: pip
Name: pillow
Vulnerable Version: >=0 <2.5.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01846 (percentile 0.82279)

Details

Pillow command injection

Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.5.0 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

Metadata

Created: 2022-05-17T04:45:39Z
Modified: 2024-10-09T20:47:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8m9x-pxwq-j236/GHSA-8m9x-pxwq-j236.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-8m9x-pxwq-j236
Finding: F404
Auto approve: 1