CVE-2022-30595: Buffer Overflow
First published: Wed May 25 2022(Updated: )
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Pillow | =9.1.0 | |
| pip/Pillow | =9.1.0 | 9.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c
- https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-30595
- https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280
- https://github.com/advisories/GHSA-hr8g-f6r6-mr22 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for Pillow 9.1.0?
The vulnerability ID for Pillow 9.1.0 is CVE-2022-30595.
What is the severity of CVE-2022-30595?
The severity of CVE-2022-30595 is critical with a severity score of 9.8.
What is the affected software for CVE-2022-30595?
The affected software for CVE-2022-30595 is Pillow 9.1.0.
What is the description of CVE-2022-30595?
CVE-2022-30595 is a heap buffer overflow vulnerability in the processing of invalid TGA image files in Pillow 9.1.0.
How can I fix CVE-2022-30595?
To fix CVE-2022-30595, update your Pillow installation to version 9.1.1 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hr8g-f6r6-mr22
- alias/CVE-2022-30595
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/tags
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- vendor/python
- canonical/python pillow
- version/python pillow/9.1.0
- package-manager/pip