CVE-2014-3007

critical

Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html

Details

Source: Mitre, NVD

Published: 2014-04-27

Updated: 2014-04-28

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H