Critical severityNVD Advisory· Published Apr 27, 2014· Updated May 6, 2026

CVE-2014-3007

Description

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pillowPyPI	< 2.5.0	2.5.0

Affected products

Python (programming language)/Pillow
cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
Pythonware/Python Imaging Library
cpe:2.3:a:pythonware:python_imaging_library:*:*:*:*:*:*:*:*
Range: <=1.1.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-8m9x-pxwq-j236ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-3007ghsaADVISORY
people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.htmlnvdWEB
bugs.debian.org/cgi-bin/bugreport.cginvdWEB
github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000