Bug 2052682 (CVE-2022-24303) - CVE-2022-24303 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related actions
Summary: CVE-2022-24303 python-pillow: temporary directory with a space character allo...
Keywords:
Status: NEW
Alias: CVE-2022-24303
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2052683 2052684 2052685 2053489
Blocks: 2052688
TreeView+ depends on / blocked
 
Reported: 2022-02-09 19:06 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-07-07 08:28 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-02-09 19:06:02 UTC 
If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after im.show() (and related actions), and potentially remove an unrelated file. This been present since PIL.

Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
Comment 1 Guilherme de Almeida Suckevicz 2022-02-09 19:06:26 UTC 
Created mingw-python-pillow tracking bugs for this issue:

Affects: fedora-all [bug 2052683]


Created python-pillow tracking bugs for this issue:

Affects: fedora-all [bug 2052684]


Created python3-pillow tracking bugs for this issue:

Affects: epel-7 [bug 2052685]
Comment 5 Sandro Mani 2022-03-28 19:00:38 UTC 
Upstream commit https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
Comment 7 Lumír Balhar 2022-07-22 09:24:32 UTC 
For reproducer see https://bugzilla.redhat.com/show_bug.cgi?id=2053489#c1 and https://bugzilla.redhat.com/show_bug.cgi?id=2053489#c2
Note You need to log in before you can comment on or make changes to this bug.