CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3007

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile29.69th
PublishedApr 27, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

Affected Platforms (CPE)

πŸ“¦
Python

Pillow

= 2.3.0
πŸ“¦
Pythonware

Python Imaging Library

<= 1.1.7

References & Advisories

πŸ”— http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
πŸ”— http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059

Related Vulnerabilities

CVE-2020-53129.8

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVE-2021-252899.8

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files beca...

CVE-2020-53119.8

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

CVE-2021-345529.8

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly i...