CVE-2022-20771

Published: 04/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and previous versions and 0.104.2 and previous versions was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 up to and including 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote malicious user to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Vulnerable Product

clamav clamav

cisco secure endpoint

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in ClamAV ...
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial ...
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a deni ...
Possible infinite loop vulnerability in the TIFF file parser. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option ...
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker c ...
ALAS-2022-229 Amazon Linux 2022 Security Advisory: ALAS-2022-229 Advisory Release Date: 2022-12-06 16:42 Pacific ...