Bug 2052682 (CVE-2022-24303)

Summary: CVE-2022-24303 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related actions
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bdettelb, cstratak, epel-packagers-sig, infra-sig, lbalhar, manisandro, orion, python-maint, python-sig, torsava
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in python-pillow. The vulnerability occurs due to the not validated remove operation, leading to Improper input validation. This flaw allows an attacker to externally-influenced input commands that modify or remove the intended command.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2052685, 2052683, 2052684, Red Hat2053489    
Bug Blocks: Embargoed2052688    

Description Guilherme de Almeida Suckevicz 2022-02-09 19:06:02 UTC
If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after im.show() (and related actions), and potentially remove an unrelated file. This been present since PIL.


Comment 1 Guilherme de Almeida Suckevicz 2022-02-09 19:06:26 UTC
Created mingw-python-pillow tracking bugs for this issue:

Affects: fedora-all [bug 2052683]

Created python-pillow tracking bugs for this issue:

Affects: fedora-all [bug 2052684]

Created python3-pillow tracking bugs for this issue:

Affects: epel-7 [bug 2052685]