Search for vulnerabilities
Vulnerability details: VCID-mf65-5asp-vkfs
Vulnerability ID VCID-mf65-5asp-vkfs
Aliases CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32
Summary The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 9.0 http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
generic_textual CRITICAL http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
epss 0.09142 https://api.first.org/data/v1/epss?cve=CVE-2015-8557
cvssv3.1 9.0 https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
generic_textual CRITICAL https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
cvssv3.1 9.0 http://seclists.org/fulldisclosure/2015/Oct/4
generic_textual CRITICAL http://seclists.org/fulldisclosure/2015/Oct/4
cvssv3.1 9.0 https://github.com/advisories/GHSA-fff8-4w9p-7v76
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-fff8-4w9p-7v76
generic_textual CRITICAL https://github.com/advisories/GHSA-fff8-4w9p-7v76
cvssv3.1 9.0 https://github.com/pygments/pygments
generic_textual CRITICAL https://github.com/pygments/pygments
cvssv3.1 9.0 https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
generic_textual CRITICAL https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
cvssv3.1 9.0 https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
cvssv3.1 9.0 https://nvd.nist.gov/vuln/detail/CVE-2015-8557
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2015-8557
cvssv3.1 9.0 https://security.gentoo.org/glsa/201612-05
generic_textual CRITICAL https://security.gentoo.org/glsa/201612-05
cvssv3.1 9.0 http://www.debian.org/security/2016/dsa-3445
generic_textual CRITICAL http://www.debian.org/security/2016/dsa-3445
cvssv3.1 9.0 http://www.openwall.com/lists/oss-security/2015/12/14/17
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2015/12/14/17
cvssv3.1 9.0 http://www.openwall.com/lists/oss-security/2015/12/14/6
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2015/12/14/6
cvssv3.1 9.0 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
generic_textual CRITICAL http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
cvssv3.1 9.0 http://www.ubuntu.com/usn/USN-2862-1
generic_textual CRITICAL http://www.ubuntu.com/usn/USN-2862-1
Reference id Reference type URL
http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8557.json
https://api.first.org/data/v1/epss?cve=CVE-2015-8557
https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8557
http://seclists.org/fulldisclosure/2015/Oct/4
https://github.com/advisories/GHSA-fff8-4w9p-7v76
https://github.com/pygments/pygments
https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
https://nvd.nist.gov/vuln/detail/CVE-2015-8557
https://security.gentoo.org/glsa/201612-05
http://www.debian.org/security/2016/dsa-3445
http://www.openwall.com/lists/oss-security/2015/12/14/17
http://www.openwall.com/lists/oss-security/2015/12/14/6
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.ubuntu.com/usn/USN-2862-1
1276321 https://bugzilla.redhat.com/show_bug.cgi?id=1276321
802828 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802828
USN-2862-1 https://usn.ubuntu.com/2862-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2015/Oct/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-fff8-4w9p-7v76
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pygments/pygments
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pygments/pygments/commit/db6dd826f8624179e563aaded391efe824462f51
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2016-32.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-8557
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201612-05
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/12/14/17
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/12/14/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-2862-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92332
EPSS Score 0.09142
Published At Aug. 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:05:44.057600+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2016-32.yaml 37.0.0