Home

CVE-2015-8557

Description

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

Risk Information

Base Score
9.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.995

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2015-8557 are fixed in Python-pygments 2.1Windows
syntax highlighting package written in Python (USN-2862-1) python-pygments_2.0.1+dfsg-1svn1.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python-pygments_1.4+dfsg-2ubuntu0.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python-pygments_1.6+dfsg-1ubuntu1.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python-pygments_2.0.1+dfsg-1.1svn1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python3-pygments_2.0.1+dfsg-1svn1.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python3-pygments_1.4+dfsg-2ubuntu0.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python3-pygments_1.6+dfsg-1ubuntu1.1_all.debLinux
syntax highlighting package written in Python (USN-2862-1) python3-pygments_2.0.1+dfsg-1.1svn1_all.debLinux
Vulnerabilities CVE-2015-8557 are fixed in Python-pygments for linux 2.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234