Security Flaw in Python's Mimetypes Module Affects Windows Environments
CVE-2024-3220

2.3LOW

Key Information:

Vendor
Python Software Foundation
Status
Cpython
Vendor
CVE Published:
14 February 2025

Summary

A defect exists in Python's CPython standard library module 'mimetypes' affecting Windows users. The default list of known file locations is writable, allowing other users to create invalid files. This may lead to a MemoryError when Python starts, or result in incorrect file type interpretations due to incorrect file extensions. The issue arises from the inappropriate application of Unix-style defaults on Windows systems. Users can mitigate the risk by invoking mimetypes.init() with an empty list on Windows to bypass loading default locations.

Affected Version(s)

CPython 0 < 3.14.0

References

https://mail.python.org/archives/list/security-announce@p...
vendor-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-3220 : Security Flaw in Python's Mimetypes Module Affects Windows Environments | SecurityVulnerability.io