CVE-2022-30595 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-30595 Interim 1 13 2025-11-05T01:33:14Z current 2022-05-19T23:46:43Z 2025-11-05T01:33:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-30595 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/44PI4DZ7YJFTM3VMZXVNEBF2OQQVHGKN/ E-Mail link for openSUSE-SU-2025:14645-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed python-Pillow python310-Pillow-9.1.1-1.1 python310-Pillow-tk-9.1.1-1.1 python311-Pillow-11.1.0-1.1 python311-Pillow-9.5.0-150400.5.15.1 python311-Pillow-tk-11.1.0-1.1 python311-Pillow-tk-9.5.0-150400.5.15.1 python312-Pillow-11.1.0-1.1 python312-Pillow-tk-11.1.0-1.1 python313-Pillow-11.1.0-1.1 python313-Pillow-11.3.0-160000.2.2 python313-Pillow-tk-11.1.0-1.1 python313-Pillow-tk-11.3.0-160000.2.2 python38-Pillow-9.1.1-1.1 python38-Pillow-tk-9.1.1-1.1 python39-Pillow-9.1.1-1.1 python39-Pillow-tk-9.1.1-1.1 python311-Pillow-9.5.0-150400.5.15.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python311-Pillow-tk-9.5.0-150400.5.15.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python313-Pillow-11.3.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python313-Pillow-tk-11.3.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python310-Pillow-9.1.1-1.1 as a component of openSUSE Tumbleweed python310-Pillow-tk-9.1.1-1.1 as a component of openSUSE Tumbleweed python311-Pillow-11.1.0-1.1 as a component of openSUSE Tumbleweed python311-Pillow-tk-11.1.0-1.1 as a component of openSUSE Tumbleweed python312-Pillow-11.1.0-1.1 as a component of openSUSE Tumbleweed python312-Pillow-tk-11.1.0-1.1 as a component of openSUSE Tumbleweed python313-Pillow-11.1.0-1.1 as a component of openSUSE Tumbleweed python313-Pillow-tk-11.1.0-1.1 as a component of openSUSE Tumbleweed python38-Pillow-9.1.1-1.1 as a component of openSUSE Tumbleweed python38-Pillow-tk-9.1.1-1.1 as a component of openSUSE Tumbleweed python39-Pillow-9.1.1-1.1 as a component of openSUSE Tumbleweed python39-Pillow-tk-9.1.1-1.1 as a component of openSUSE Tumbleweed python-Pillow as a component of HPE Helion OpenStack 8 python-Pillow as a component of SUSE OpenStack Cloud 8 python-Pillow as a component of SUSE OpenStack Cloud 9 python-Pillow as a component of SUSE OpenStack Cloud Crowbar 8 python-Pillow as a component of SUSE OpenStack Cloud Crowbar 9 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. CVE-2022-30595 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Pillow-9.5.0-150400.5.15.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Pillow-tk-9.5.0-150400.5.15.1 SUSE Linux Enterprise Server 16.0:python313-Pillow-11.3.0-160000.2.2 SUSE Linux Enterprise Server 16.0:python313-Pillow-tk-11.3.0-160000.2.2 openSUSE Tumbleweed:python310-Pillow-9.1.1-1.1 openSUSE Tumbleweed:python310-Pillow-tk-9.1.1-1.1 openSUSE Tumbleweed:python311-Pillow-11.1.0-1.1 openSUSE Tumbleweed:python311-Pillow-tk-11.1.0-1.1 openSUSE Tumbleweed:python312-Pillow-11.1.0-1.1 openSUSE Tumbleweed:python312-Pillow-tk-11.1.0-1.1 openSUSE Tumbleweed:python313-Pillow-11.1.0-1.1 openSUSE Tumbleweed:python313-Pillow-tk-11.1.0-1.1 openSUSE Tumbleweed:python38-Pillow-9.1.1-1.1 openSUSE Tumbleweed:python38-Pillow-tk-9.1.1-1.1 openSUSE Tumbleweed:python39-Pillow-9.1.1-1.1 openSUSE Tumbleweed:python39-Pillow-tk-9.1.1-1.1 HPE Helion OpenStack 8:python-Pillow SUSE OpenStack Cloud 8:python-Pillow SUSE OpenStack Cloud 9:python-Pillow SUSE OpenStack Cloud Crowbar 8:python-Pillow SUSE OpenStack Cloud Crowbar 9:python-Pillow critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H