{
  "threat_severity" : "Low",
  "public_date" : "2022-05-17T00:00:00Z",
  "bugzilla" : {
    "description" : "python-pillow: heap buffer overflow in crafted TGA file",
    "id" : "2087609",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2087609"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-119",
  "details" : [ "libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.", "A heap buffer overflow vulnerability was found in python-pillow. This security vulnerability occurs when reading a TGA file with RLE packets that cross scan lines, where pillow reads the information past the end of the first line without deducting that from the length of the remaining file data." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "python-pillow",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-30595\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30595" ],
  "name" : "CVE-2022-30595",
  "csaw" : false
}