CVE-2015-8557

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:pygments:pygments:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.3:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.6:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:1.6:rc1:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:2.0:*:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:pygments:pygments:2.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-08 20:59

Updated : 2017-07-01 01:29


NVD link : CVE-2015-8557

Mitre link : CVE-2015-8557


JSON object : View

Products Affected

pygments

  • pygments

canonical

  • ubuntu_linux
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')