CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-3007

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile29.69th
Published2014年4月27日
Last Modified2026年5月6日

Vulnerability Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

Affected Platforms (CPE)

📦
Python

Pillow

= 2.3.0
📦
Pythonware

Python Imaging Library

<= 1.1.7

References & Advisories

🔗 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
🔗 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059

関連する脆弱性情報

CVE-2020-53129.8

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVE-2021-252899.8

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files beca...

CVE-2020-53119.8

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

CVE-2021-345529.8

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly i...