2 matches found
CVE-2019-16784
CVE-2019-16784: On Windows, PyInstaller in "onefile" mode is vulnerable to local privilege escalation prior to version 3.6 when a privileged process launches it with a world-writable TempPath (e.g., C:\Windows\Temp) and the attacker can trigger a restart after their exploit. The issue affects so...
CVE-2023-49797
CVE-2023-49797 affects PyInstaller-packaged Python apps and can lead to deletion of files in a privileged process under specific conditions (matplotlib or win32com present, run as administrator, and unprotected TEMP directory). Root cause: unprotected temporary file handling allows timing or dire...