VDB
GCVE-110-MAGEIA-2014-158
GCVE-110-MAGEIA-2014-158
Advisory Published
Updated python-imaging packages fix security vulnerabilities:
Jakub Wilk discovered that temporary files were insecurely created (via
mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and
EpsImagePlugin.py files of Python Imaging Library. A local attacker could use
this flaw to perform a symbolic link attack to modify an arbitrary file
accessible to the user running an application that uses the Python Imaging
Library (CVE-2014-1932).
Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py
and EpsImagePlugin.py files of the Python Imaging Library were passed to an
external process. These could be viewed on the command line, allowing an
attacker to obtain the name and possibly perform symbolic link attacks,
allowing them to modify an arbitrary file accessible to the user running an
application that uses the Python Imaging Library (CVE-2014-1933).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-imaging | 1.1.7-7.1.mga3 (unaffected), 0 (affected), 0 (affected), 1.1.7-7.1.mga3 (unaffected) | — |
| Mageia | mosh | 0 (affected), 1.2.4-1.mga4 (unaffected) | — |
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.