OS Command Injection - CVE-2015-8557
Published: January 8, 2016 / Updated: August 4, 2020
Vulnerability identifier: #VU33604
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2015-8557
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
How to mitigate CVE-2015-8557
Install update from vendor's website.
Sources
- http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
- http://seclists.org/fulldisclosure/2015/Oct/4
- http://www.debian.org/security/2016/dsa-3445
- http://www.openwall.com/lists/oss-security/2015/12/14/17
- http://www.openwall.com/lists/oss-security/2015/12/14/6
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.ubuntu.com/usn/USN-2862-1
- https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
- https://security.gentoo.org/glsa/201612-05