CVE-2014-1932 - OpenCVE

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Python	Pillow
Pythonware	Python Imaging Library

Configuration 1 [-]

OR	cpe:2.3:a:python:pillow::::::::
	cpe:2.3:a:pythonware:python_imaging_library::::::::

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
http://www.openwall.com/lists/oss-security/2014/02/11/1
http://www.securityfocus.com/bid/65511
http://www.ubuntu.com/usn/USN-2168-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7	Exploit Patch
https://security.gentoo.org/glsa/201612-52

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-17T14:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2014-02-10T00:00:00

Link: CVE-2014-1932

JSON object: View

NVD Information

Status : Modified

Published: 2014-04-17T14:55:11.090

Modified: 2017-07-01T01:29:05.640

Link: CVE-2014-1932

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059"}, {"name": "GLSA-201612-52", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-52"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7"}, {"name": "[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"}, {"name": "USN-2168-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2168-1"}, {"name": "65511", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65511"}, {"name": "openSUSE-SU-2014:0591", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059"}, {"name": "GLSA-201612-52", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-52"}, {"name": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7", "refsource": "CONFIRM", "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7"}, {"name": "[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"}, {"name": "USN-2168-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2168-1"}, {"name": "65511", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65511"}, {"name": "openSUSE-SU-2014:0591", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1932", "datePublished": "2014-04-17T14:00:00", "dateReserved": "2014-02-10T00:00:00", "dateUpdated": "2017-06-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1BAE1A0-BC57-4410-83DD-DB85B992398A", "versionEndIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pythonware:python_imaging_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0BFFC56-855D-49E5-A4FD-7AA2D68F5B5C", "versionEndIncluding": "1.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file."}, {"lang": "es", "value": "Las funciones (1) load_djpeg ein JpegImagePlugin.py, (2) Ghostscript en EpsImagePlugin.py, (3) load en IptcImagePlugin.py and (4) _copy en Image.py en Python Image Library (PIL) 1.1.7 y anteriores y Pillow anterior a 2.3.1 no crean debidamente archivos temporales, lo que permite a usuarios locales sobrescribir archivos arbitrarios y obtener informaci\u00f3n sensible a trav\u00e9s de un ataque symlink sobre el archivo temporal."}], "id": "CVE-2014-1932", "lastModified": "2017-07-01T01:29:05.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-17T14:55:11.090", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65511"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2168-1"}, {"source": "cve@mitre.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-52"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}