VDB

GCVE-110-MAGEIA-2014-158

GCVE-110-MAGEIA-2014-158
Advisory Published
Vulnetix · Advisory published April 3, 2014
Updated python-imaging packages fix security vulnerabilities: Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1932). Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py and EpsImagePlugin.py files of the Python Imaging Library were passed to an external process. These could be viewed on the command line, allowing an attacker to obtain the name and possibly perform symbolic link attacks, allowing them to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1933).

Affected Products

VendorProductVersionsPlatforms
Mageiapython-imaging1.1.7-7.1.mga3 (unaffected), 0 (affected), 0 (affected), 1.1.7-7.1.mga3 (unaffected)
Mageiamosh0 (affected), 1.2.4-1.mga4 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›