High severity · NVD Advisory · Published Apr 17, 2014 · Updated Jun 17, 2026

CVE-2014-1932


Description

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
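The flaw class named in the description, shown as an added example that is not Pillow's code: a write to a pre-chosen temporary name follows a symlink that is already there, while exclusive creation (`O_CREAT|O_EXCL`, which `tempfile.mkstemp` uses) refuses it. The function names, file names and the private sandbox directory standing in for a shared temp directory are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def write_predictable(path, data):
    # Weak pattern: open() on a pre-chosen name follows a symlink already there.
    with open(path, "wb") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:  # stands in for a shared /tmp
        victim = os.path.join(sandbox, "victim.txt")       # constructed sample
        guessed = os.path.join(sandbox, "tmp_guessable")   # constructed name
        write_predictable(victim, b"original")
        os.symlink(victim, guessed)  # another local user got to the name first

        write_predictable(guessed, b"image bytes")
        results["weak_overwrote_victim"] = read_bytes(victim) == b"image bytes"

        write_predictable(victim, b"original")  # reset the sample file
        try:
            write_exclusive(guessed, b"image bytes")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["victim_intact"] = read_bytes(victim) == b"original"

        # mkstemp picks an unpredictable name and opens it with O_EXCL, mode 0600.
        fd, safe = tempfile.mkstemp(dir=sandbox)
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"image bytes")
        results["mkstemp_mode"] = os.stat(safe).st_mode & 0o777
        results["mkstemp_is_symlink"] = os.path.islink(safe)
    return results

if __name__ == "__main__":
    print(demo())
```

When auditing code for this pattern, look for temporary paths that are chosen first and opened later; the mode 0600 on the `mkstemp` file also addresses the information-disclosure half of the description.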

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| pillow (PyPI) | < 2.3.1 | 2.3.1 |
