118 matches found
GHSA-P2XP-XX3R-MFFC PyInstaller has local privilege escalation vulnerability
Impact: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...
CVE-2025-59042
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
Arbitrary Code Injection
Overview: pyinstaller is a package that bundles a Python application and all its dependencies into a single package. Affected versions of this package are vulnerable to Arbitrary Code Injection in the bootstrap process. An attacker can achieve arbitrary code execution by placing malicious files or...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
CVE-2025-59042
CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...
PT-2025-36997
Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0. Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...
PyInstaller Code Injection Vulnerability
PyInstaller is a Python library from the Python Foundation that analyzes your code to discover all the other modules and libraries your scripts need to execute. A code injection vulnerability exists in PyInstaller versions prior to 6.0.0, which stems from improper handling of sys.path and could...
Intel Computing Improvement Program PyInstaller Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
OESA-2024-1742 python-pyinstaller security update
PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller...
Evil Ant The Python-Powered Ransomware
Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...
Exploit for Uncontrolled Resource Consumption in Elastic Kibana
Proof of Concept POC CVE-2024-23443 hpbiososquery Add o...
Fedora 38 : rdiff-backup (2023-0fb94a1209)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0fb94a1209 advisory. Rebuild for pyinstall CVE-2023-49797 BZ2253844 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 39 : rdiff-backup (2023-3909a0ab0e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3909a0ab0e advisory. Rebuild for pyinstall CVE-2023-49797 BZ2253844 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Local Privilege Escalation
pyinstaller is vulnerable to Local Privilege Escalation. The vulnerability exists due to insecure directories used in the library, allowing an attacker to delete files on the system if the application contains either matplotlib or win32com, and the temporary directory is not locked to a specific...
CVE-2023-49797
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
Design/Logic Flaw
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
PYSEC-2023-292
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...