http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059

According to the versions of the python-pillow package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - Integer overflow in the ImagingResampleHorizontal     function in libImaging/Resample.c in Pillow before     3.1.1 allows remote attackers to have unspecified     impact via negative values of the new size, which     triggers a heap-based buffer overflow.(CVE-2016-4009)

  - An issue was discovered in urllib2 in Python 2.x     through 2.7.17 and urllib in Python 3.x through 3.8.0.
    CRLF injection is possible if the attacker controls a     url parameter, as demonstrated by the first argument to     urllib.request.urlopen with \r\n (specifically in the     host component of a URL) followed by an HTTP header.
    This is similar to the CVE-2019-9740 query string issue     and the CVE-2019-9947 path string issue. (This is not     exploitable when glibc has CVE-2016-10739     fixed.)(CVE-2014-3589)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - The documentation XML-RPC server in Python through     2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has     XSS via the server_title field. This occurs in     Lib/DocXMLRPCServer.py in Python 2.x, and in     Lib/xmlrpc/server.py in Python 3.x. If set_server_title     is called with untrusted input, arbitrary JavaScript     can be delivered to clients that visit the http URL for     this server.(CVE-2014-1933)

  - Directory traversal vulnerability in the (1) extract     and (2) extractall functions in the tarfile module in     Python allows user-assisted remote attackers to     overwrite arbitrary files via a .. (dot dot) sequence     in filenames in a TAR archive, a related issue to     CVE-2001-1267.(CVE-2014-1932)

  - An issue was discovered in Pillow before 6.2.0. When     reading specially crafted invalid image files, the     library can either allocate very large amounts of     memory or take an extremely long period of time to     process the image.(CVE-2019-16865)

  - libImaging/FliDecode.c in Pillow before 6.2.2 has an     FLI buffer overflow.(CVE-2020-5313)

  - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX     P mode buffer overflow.(CVE-2020-5312)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Integer overflow in the ImagingResampleHorizontal     function in libImaging/Resample.c in Pillow before     3.1.1 allows remote attackers to have unspecified     impact via negative values of the new size, which     triggers a heap-based buffer overflow.(CVE-2016-4009)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

  - An issue was discovered in Pillow before 6.2.0. When     reading specially crafted invalid image files, the     library can either allocate very large amounts of     memory or take an extremely long period of time to     process the image.(CVE-2019-16865)

  - libImaging/FliDecode.c in Pillow before 6.2.2 has an     FLI buffer overflow.(CVE-2020-5313)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Integer overflow in the ImagingResampleHorizontal     function in libImaging/Resample.c in Pillow before     3.1.1 allows remote attackers to have unspecified     impact via negative values of the new size, which     triggers a heap-based buffer overflow.(CVE-2016-4009)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Pillow before 2.7.0 allows remote attackers to cause a     denial of service via a compressed text chunk in a PNG     image that has a large size when it is     decompressed.(CVE-2014-9601)

  - Pillow before 3.3.2 allows context-dependent attackers     to execute arbitrary code by using the 'crafted image     file' approach, related to an 'Insecure Sign Extension'     issue affecting the ImagingNew in Storage.c     component.(CVE-2016-9190)

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Pillow before 2.7.0 allows remote attackers to cause a     denial of service via a compressed text chunk in a PNG     image that has a large size when it is     decompressed.(CVE-2014-9601)

  - The (1) load_djpeg function in JpegImagePlugin.py, (2)     Ghostscript function in EpsImagePlugin.py, (3) load     function in IptcImagePlugin.py, and (4) _copy function     in Image.py in Python Image Library (PIL) 1.1.7 and     earlier and Pillow before 2.3.1 do not properly create     temporary files, which allow local users to overwrite     arbitrary files and obtain sensitive information via a     symlink attack on the temporary file.(CVE-2014-1932)

  - The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py     scripts in Python Image Library (PIL) 1.1.7 and earlier     and Pillow before 2.3.1 uses the names of temporary     files on the command line, which makes it easier for     local users to conduct symlink attacks by listing the     processes.(CVE-2014-1933)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow     2.3 might allow remote attackers to execute arbitrary     commands via shell metacharacters in unspecified     vectors related to CVE-2014-1932, possibly     JpegImagePlugin.py.(CVE-2014-3007)

  - PIL/IcnsImagePlugin.py in Python Imaging Library (PIL)     and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows     remote attackers to cause a denial of service via a     crafted block size.(CVE-2014-3589)

  - Buffer overflow in the ImagingLibTiffDecode function in     libImaging/TiffDecode.c in Pillow before 3.1.1 allows     remote attackers to overwrite memory via a crafted TIFF     file.(CVE-2016-0740)

  - Buffer overflow in the ImagingFliDecode function in     libImaging/FliDecode.c in Pillow before 3.1.1 allows     remote attackers to cause a denial of service (crash)     via a crafted FLI file.(CVE-2016-0775)

  - Buffer overflow in the ImagingPcdDecode function in     PcdDecode.c in Pillow before 3.1.1 and Python Imaging     Library (PIL) 1.1.7 and earlier allows remote attackers     to cause a denial of service (crash) via a crafted     PhotoCD file.(CVE-2016-2533)

  - Pillow before 3.3.2 allows context-dependent attackers     to obtain sensitive information by using the 'crafted     image file' approach, related to an 'Integer Overflow'     issue affecting the Image.core.map_buffer in map.c     component.(CVE-2016-9189)

  - Pillow before 3.3.2 allows context-dependent attackers     to execute arbitrary code by using the 'crafted image     file' approach, related to an 'Insecure Sign Extension'     issue affecting the ImagingNew in Storage.c     component.(CVE-2016-9190)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated python-imaging packages fix security vulnerabilities :

Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1932).

Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py and EpsImagePlugin.py files of the Python Imaging Library were passed to an external process. These could be viewed on the command line, allowing an attacker to obtain the name and possibly perform symbolic link attacks, allowing them to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library (CVE-2014-1933).

The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin (CVE-2014-3589).

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters, due to an incomplete fix for CVE-2014-1932 (CVE-2014-3007).

Pillow before 2.7.0 and 2.6.2 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed (CVE-2014-9601).

Security fix for CVE-2014-3007, updated fix for CVE-2014-1932.
Followup fix for CVE-2014-1933.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
136235	EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)	Nessus	Huawei Local Security Checks	critical
135635	EulerOS Virtualization 3.0.2.2 : python-pillow (EulerOS-SA-2020-1473)	Nessus	Huawei Local Security Checks	critical
132368	EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2019-2701)	Nessus	Huawei Local Security Checks	critical
132189	EulerOS 2.0 SP3 : python-pillow (EulerOS-SA-2019-2654)	Nessus	Huawei Local Security Checks	high
131591	EulerOS 2.0 SP2 : python-pillow (EulerOS-SA-2019-2437)	Nessus	Huawei Local Security Checks	high
82352	Mandriva Linux Security Advisory : python-pillow (MDVSA-2015:099)	Nessus	Mandriva Local Security Checks	critical
79396	Fedora 19 : python-pillow-2.0.0-16.gitd1c6db8.fc19 (2014-14980)	Nessus	Fedora Local Security Checks	critical
79393	Fedora 20 : python-pillow-2.2.1-7.fc20 (2014-14883)	Nessus	Fedora Local Security Checks	critical

CVE-2014-3007

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

high

high

critical

critical

critical