CVE-2022-20698

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-20698
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-20698.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-20698
Downstream
Related
Published
2022-01-14T06:15:09.570Z
Modified
2026-02-13T02:31:56.974826Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

References

Affected packages

Git / github.com/cisco-talos/clamav

Affected ranges

Type
GIT
Repo
https://github.com/cisco-talos/clamav
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5faab1937cc2b89049ef7748dc9a10545707613d
Introduced
ba51bf8e644921a1592d2f3d280a2daa924acfd8
Fixed
fb828e93cab6b73818c1d94ffd05d92720a85c6f

Affected versions

clamav-0.*
clamav-0.104.0
clamav-0.104.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-20698.json"