CVE-2014-3007
Published: 27 April 2014
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
Notes
Author | Note |
---|---|
mdeslaur | fixed at the same time as CVE-2014-1932 and CVE-2014-1933 |
Priority
Status
Package | Release | Status |
---|---|---|
python-imaging Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Released
(1.1.7-1ubuntu0.2)
|
|
precise |
Released
(1.1.7-4ubuntu0.12.04.1)
|
|
quantal |
Released
(1.1.7-4ubuntu0.12.10.1)
|
|
saucy |
Released
(1.1.7+2.0.0-1ubuntu1.1)
|
|
trusty |
Does not exist
|
|
pillow Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Released
(2.3.0-1ubuntu3)
|