CVE-2014-1933

EPSS 0.11% · P29 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-1933

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Python Image Library和Pillow 权限许可和访问控制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Python Image Library（PIL）是瑞士软件开发者Fredrik Lundh所研发的一个Python图像处理库。Pillow是对PIL的一些BUG修正后的编译版。 PIL 1.1.7及之前的版本和Pillow 2.3.0及之前的版本中的JpegImagePlugin.py和EpsImagePlugin.py脚本存在安全漏洞，该漏洞源于程序在命令行上使用临时文件名。本地攻击者可利用该漏洞实施符号链接攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-1933

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-1933

请登录查看更多情报信息。

https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7x_refsource_CONFIRM
http://www.securityfocus.com/bid/65513vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2168-1vendor-advisoryx_refsource_UBUNTU
https://security.gentoo.org/glsa/201612-52vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.htmlvendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2014/02/10/15mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2014/02/11/1mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2014-1933

Same Patch Batch · n/a · 2014-04-17 · 20 CVEs total

CVE-2014-0111		Apache Syncope 代码注入漏洞
CVE-2014-0645		EMC Cloud Tiering Appliance 信任管理漏洞
CVE-2014-0644		EMC Cloud Tiering Appliance XML外部实体注入漏洞
CVE-2014-2880		Oracle Identity Manager 开放重定向漏洞
CVE-2014-2879		Dell SonicWALL Email Security 跨站脚本漏洞
CVE-2014-2707		Apple cups-filters 任意命令执行漏洞
CVE-2014-2469		Oracle Solaris 拒绝服务漏洞
CVE-2014-2310		Net-SNMP 输入验证漏洞
CVE-2014-1932		Python Image Library和Pillow 后置链接漏洞
CVE-2014-0984		SAP Router ‘passwordCheck’函数信息泄露漏洞
CVE-2014-2391		Open-Xchange AppSuite 信息泄露漏洞
CVE-2014-0085		Apache Zookeeper 信任管理漏洞
CVE-2014-0071		Red Hat OpenStack 权限许可和访问控制漏洞
CVE-2014-0054		Vmware Spring Framework 跨站请求伪造漏洞
CVE-2014-0036		rbovirt gem for Ruby 加密问题漏洞
CVE-2013-2143		Katello和Red Hat Satellite 输入验证错误漏洞
CVE-2011-3154		Ubuntu Update Manager敏感信息泄露漏洞
CVE-2014-2393		Open-Xchange AppSuite 跨站脚本漏洞
CVE-2014-2392		Open-Xchange AppSuite 信息泄露漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-1933

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-1933

I. Basic Information for CVE-2014-1933

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-1933

III. Intelligence Information for CVE-2014-1933

Same Patch Batch · n/a · 2014-04-17 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-1933

Leave a comment