CVE-2022-20771— ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-20771
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
Source: NVD (National Vulnerability Database)
Vulnerability Description
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
资源管理错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
ClamAV 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ClamAV(Clam AntiVirus)是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.104.0版本到0.104.2版本 0.103版本到0.103.5版本存在资源管理错误漏洞,该漏洞源于TIFF文件解析器中的无限循环。远程攻击者可以消耗所有可用的系统资源利用该漏洞实现拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco AMP for Endpoints | n/a | - |
II. Public POCs for CVE-2022-20771
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-20771
Please Login to view more intelligence information
- https://security.gentoo.org/glsa/202310-01vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20771
Same Patch Batch · Cisco · 2022-05-04 · 13 CVEs total
| CVE-2022-20777 | 9.9 CRITICAL | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20779 | 9.9 CRITICAL | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20780 | 9.9 CRITICAL | Cisco Enterprise NFV Infrastructure Software Vulnerabilities |
| CVE-2022-20770 | 8.6 HIGH | ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 20 |
| CVE-2022-20785 | 7.5 HIGH | ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20764 | 6.5 MEDIUM | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20794 | 6.5 MEDIUM | Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities |
| CVE-2022-20796 | 6.5 MEDIUM | ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022 |
| CVE-2022-20753 | 4.7 MEDIUM | Cisco Small Business RV Series Routers Remote Code Execution Vulnerability |
| CVE-2022-20801 | 4.7 MEDIUM | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2022-20799 | 4.7 MEDIUM | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2022-20734 | 4.4 MEDIUM | Cisco SD-WAN vManage Software Information Disclosure Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco AMP for Endpoints
- CVE-2022-20796
ClamAV Truncated File Denial of Service Vulnerability Affect - CVE-2022-20785
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cis - CVE-2022-20770
ClamAV CHM File Parsing Denial of Service Vulnerability Affe - CVE-2021-1386
Cisco Advanced Malware Protection for Endpoints Windows Conn - CVE-2021-1280
Cisco Advanced Malware Protection for Endpoints and Immunet
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido IDOR漏洞致用户隐私泄露 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
V. Comments for CVE-2022-20771
No comments yet