Skip to main content

Python Imaging Library

3 CVEs product

Monthly

CVE-2014-3007 PyPI CRITICAL PATCH Act Now

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Python Pillow Python Imaging Library
NVD VulDB
CVSS 2.0
10.0
EPSS
3.0%
CVE-2014-1933 PyPI LOW POC PATCH Monitor

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Python Privilege Escalation Pillow Python Imaging Library
NVD GitHub VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1932 PyPI MEDIUM POC PATCH This Month

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library. Rated medium severity (CVSS 4.4). Public exploit code available.

Python Information Disclosure Pillow Python Imaging Library
NVD GitHub VulDB
CVSS 2.0
4.4
EPSS
0.1%
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Python Pillow +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Python Privilege Escalation Pillow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library. Rated medium severity (CVSS 4.4). Public exploit code available.

Python Information Disclosure Pillow +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy