PYSEC-2014-87

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2014-87.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-87

Aliases

CVE-2014-3007
GHSA-8m9x-pxwq-j236

Published

2014-04-27T20:55:00Z

Modified

2023-11-08T03:57:37.018008Z

Summary

[none]

Details

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

References

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059

Affected packages

PyPI / pillow

Package

Name: pillow; View open source insights on deps.dev
Purl: pkg:pypi/pillow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

2.*

2.0.0

2.1.0

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1

2.3.2

2.4.0