Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python Image Library和Pillow 权限许可和访问控制漏洞
Vulnerability Description
Python Image Library(PIL)是瑞士软件开发者Fredrik Lundh所研发的一个Python图像处理库。Pillow是对PIL的一些BUG修正后的编译版。 PIL 1.1.7及之前的版本和Pillow 2.3.0及之前的版本中的JpegImagePlugin.py和EpsImagePlugin.py脚本存在安全漏洞,该漏洞源于程序在命令行上使用临时文件名。本地攻击者可利用该漏洞实施符号链接攻击。
CVSS Information
N/A
Vulnerability Type
N/A