CVE-2022-20771

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-20771
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-20771.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-20771
Related
Published
2022-05-04T17:15:08Z
Modified
2024-09-18T03:19:53.497621Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

References

Affected packages

Alpine:v3.12 / clamav

Package

Name
clamav
Purl
pkg:apk/alpine/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-r0

Affected versions

0.*

0.94.2-r0
0.94.2-r1
0.94.2-r2
0.95.1-r0
0.95.1-r1
0.95.2-r0
0.95.2-r1
0.95.3-r0
0.95.3-r1
0.96-r0
0.96.1-r0
0.96.2-r0
0.96.3-r0
0.96.4-r0
0.96.5-r0
0.97-r0
0.97-r1
0.97-r2
0.97-r3
0.97-r4
0.97.1-r0
0.97.2-r0
0.97.3-r0
0.97.3-r1
0.97.3-r2
0.97.3-r3
0.97.4-r0
0.97.4-r1
0.97.4-r2
0.97.5-r0
0.97.6-r0
0.97.6-r1
0.97.7-r0
0.97.8-r0
0.97.8-r1
0.97.8-r2
0.98-r0
0.98-r1
0.98.1-r0
0.98.1-r1
0.98.1-r2
0.98.3-r0
0.98.4-r0
0.98.4-r1
0.98.5-r0
0.98.6-r0
0.98.6-r1
0.98.6-r2
0.98.7-r0
0.98.7-r1
0.98.7-r2
0.99-r0
0.99-r1
0.99-r2
0.99-r3
0.99.1-r0
0.99.1-r1
0.99.1-r2
0.99.2-r0
0.99.2-r1
0.99.2-r2
0.99.2-r3
0.99.2-r4
0.99.2-r5
0.99.2-r6
0.99.3-r1
0.99.3-r2
0.99.3-r3
0.99.4-r0
0.99.4-r1
0.100.0-r0
0.100.0-r1
0.100.0-r2
0.100.1-r0
0.100.1-r1
0.100.2-r0
0.100.3-r0
0.101.4-r0
0.101.4-r1
0.102.0-r0
0.102.1-r0
0.102.2-r0
0.102.3-r0
0.102.4-r0
0.102.4-r1
0.103.2-r0

Alpine:v3.13 / clamav

Package

Name
clamav
Purl
pkg:apk/alpine/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-r0

Affected versions

0.*

0.94.2-r0
0.94.2-r1
0.94.2-r2
0.95.1-r0
0.95.1-r1
0.95.2-r0
0.95.2-r1
0.95.3-r0
0.95.3-r1
0.96-r0
0.96.1-r0
0.96.2-r0
0.96.3-r0
0.96.4-r0
0.96.5-r0
0.97-r0
0.97-r1
0.97-r2
0.97-r3
0.97-r4
0.97.1-r0
0.97.2-r0
0.97.3-r0
0.97.3-r1
0.97.3-r2
0.97.3-r3
0.97.4-r0
0.97.4-r1
0.97.4-r2
0.97.5-r0
0.97.6-r0
0.97.6-r1
0.97.7-r0
0.97.8-r0
0.97.8-r1
0.97.8-r2
0.98-r0
0.98-r1
0.98.1-r0
0.98.1-r1
0.98.1-r2
0.98.3-r0
0.98.4-r0
0.98.4-r1
0.98.5-r0
0.98.6-r0
0.98.6-r1
0.98.6-r2
0.98.7-r0
0.98.7-r1
0.98.7-r2
0.99-r0
0.99-r1
0.99-r2
0.99-r3
0.99.1-r0
0.99.1-r1
0.99.1-r2
0.99.2-r0
0.99.2-r1
0.99.2-r2
0.99.2-r3
0.99.2-r4
0.99.2-r5
0.99.2-r6
0.99.3-r1
0.99.3-r2
0.99.3-r3
0.99.4-r0
0.99.4-r1
0.100.0-r0
0.100.0-r1
0.100.0-r2
0.100.1-r0
0.100.1-r1
0.100.2-r0
0.100.3-r0
0.101.4-r0
0.101.4-r1
0.102.0-r0
0.102.1-r0
0.102.2-r0
0.102.3-r0
0.102.4-r0
0.102.4-r1
0.102.4-r2
0.103.0-r0
0.103.0-r1
0.103.1-r0
0.103.2-r0

Debian:11 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-0+deb11u1

Affected versions

0.*

0.103.2+dfsg-2
0.103.3+dfsg-0+deb11u1
0.103.3+dfsg-1
0.103.4+dfsg-0+deb11u1
0.103.4+dfsg-1
0.103.5+dfsg-0+deb11u1
0.103.5+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}