PT-2022-2518 · Cisco+5 · Clamav+5

Published

2022-04-20

·

Updated

2024-06-15

·

CVE-2022-20771

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions ClamAV versions 0.103.5 and earlier ClamAV versions 0.104.0 through 0.104.2
Description A vulnerability in the TIFF file parser of Clam AntiVirus could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is related to errors in resource management when parsing TIFF files, which can lead to a denial of service condition. Exploitation of the vulnerability may allow a remote attacker to consume all available system resources, causing a denial of service.
Recommendations For ClamAV versions 0.103.5 and earlier, update to a version later than 0.103.5 to resolve the issue. For ClamAV versions 0.104.0 through 0.104.2, update to a version later than 0.104.2 to resolve the issue. As a temporary workaround, consider disabling the TIFF file parser until a patch is available. Restrict access to the ClamAV scanning library to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2022-1906
ALT-PU-2022-1924
ALT-PU-2022-1939
ALT-PU-2022-1945
AZL-9667
BDU:2022-02933
CVE-2022-20771
DLA-3042-1
MGASA-2022-0187
OESA-2022-1683
OPENSUSE-SU-2022_1644-1
OPENSUSE-SU-2024:12047-1
SUSE-SU-2022:1644-1
SUSE-SU-2022:1647-1
SUSE-SU-2022_1644-1
SUSE-SU-2022_1647-1
USN-5423-1
USN-5423-2

Affected Products

Alt Linux
Clamav
Linuxmint
Red Os
Suse
Ubuntu