PT-2022-6483 · Pillow+5 · Pillow+5

Radarhere

Published

2022-02-09

Updated

2025-01-14

CVE-2022-24303

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 9.0.1

Description The issue is related to the mishandling of spaces in temporary pathnames, which can be exploited by attackers to delete files. This can lead to data integrity issues and potentially cause a denial of service. The vulnerability can be exploited remotely.

Recommendations For versions prior to 9.0.1, update to version 9.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to temporary files and directories to minimize the risk of exploitation.

Fix

Out of bounds Read

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-22

Related Identifiers

ALT-PU-2022-1236

ALT-PU-2023-7942

ALT-PU-2023-8182

BDU:2023-01714

BIT-PILLOW-2022-24303

CVE-2022-24303

GHSA-9J59-75QJ-795W

MGASA-2022-0166

OESA-2022-1540

OESA-2022-2086

OPENSUSE-SU-2024:11814-1

OPENSUSE-SU-2025:14645-1

PYSEC-2022-168

USN-5777-1

USN-5777-2

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Pillow

Ubuntu

PT-2022-6483 · Pillow+5 · Pillow+5

CVE-2022-24303

Weakness Enumeration

Related Identifiers

Affected Products

References · 60