VYPR
Critical severity 9.0 · NVD Advisory · Published Jan 8, 2016 · Updated Jun 17, 2026

CVE-2015-8557

Description

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Pygments (PyPI) | >= 1.2.2, < 2.1 | 2.1

Affected products

15
  • Pygments/Pygments (10 versions)
    • cpe:2.3:a:pygments:pygments:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:1.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pygments:pygments:2.0:rc1:*:*:*:*:*:*
  • canonical/ubuntu_linux (4 versions)
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.2.2, < 2.1
