CVE-2022-48622

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 26, 2024
Updated: Feb 2, 2024
CWE ID 787

Summary

CVE-2022-48622 is a vulnerability in GNOME GdkPixbuf (aka gdk-pixbuf) through version 2.42.10. It affects multiple products, including those with the names starting with "t3Gp" and "t3Gq" in the affected_products field. The vulnerability occurs in the ANI (Windows animated cursor) decoder when parsing chunks in a crafted .ani file, leading to heap memory corruption. An attacker could exploit this vulnerability to overwrite heap metadata, potentially resulting in a denial of service or code execution attack. The vulnerability has a high severity rating with a base score of 7.8 and poses a risk to organizations as it requires user interaction and can impact integrity and confidentiality. Remediation should involve updating the affected software to a version beyond 2.42.10 to mitigate this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2022-48622 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options