CVE-2014-1933

Advisory

Pillow-simd 2.3.1 includes a fix for CVE-2014-1933: The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
• http://www.ubuntu.com/usn/USN-2168-1
• http://www.openwall.com/lists/oss-security/2014/02/10/15
• http://www.openwall.com/lists/oss-security/2014/02/11/1
• https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
• http://www.securityfocus.com/bid/65513
• https://security.gentoo.org/glsa/201612-52