CVE-2022-48622

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 26, 2024
Updated: Feb 2, 2024
CWE ID 787

Summary

CVE-2022-48622 is a vulnerability in GNOME GdkPixbuf (aka gdk-pixbuf) through version 2.42.10. It affects multiple products, including those whose names start with "t3Gp" and "t3Gq" in the affected_products field. The vulnerability occurs in the ANI (Windows animated cursor) decoder: parsing chunks in a crafted .ani file leads to heap memory corruption. An attacker could exploit this to overwrite heap metadata, potentially resulting in denial of service or code execution. The vulnerability is rated high severity with a base score of 7.8. Exploitation requires user interaction and can impact integrity and confidentiality. Remediation should involve updating the affected software to a version beyond 2.42.10.
