Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python Image Library和Pillow 后置链接漏洞
Vulnerability Description
Python Image Library(PIL)是瑞士软件开发者Fredrik Lundh所研发的一个Python图像处理库。Pillow是对PIL的一些BUG修正后的编译版。 PIL 1.1.7及之前的版本和Pillow 2.3.0及之前的版本中的JpegImagePlugin.py文件的‘load_djpeg’函数;EpsImagePlugin.py文件的‘Ghostscript’函数;IptcImagePlugin.py文件的‘load’函数;Image.py文件的‘_copy’函数存在安全漏洞,
CVSS Information
N/A
Vulnerability Type
N/A