{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:12:28.891","vulnerabilities":[{"cve":{"id":"CVE-2022-20771","sourceIdentifier":"psirt@cisco.com","published":"2022-05-04T17:15:08.440","lastModified":"2024-11-21T06:43:31.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."},{"lang":"es","value":"El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos TIFF de Clam AntiVirus (ClamAV) versiones 0.104.0 a 0.104.2 y LTS versión 0.103.5 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. Para una descripción de esta vulnerabilidad, vea el blog de ClamAV. Este aviso será actualizado a medida que esté disponible información adicional"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-399"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*","versionEndIncluding":"0.103.5","matchCriteriaId":"27ADFD65-7F57-461B-AD74-FF8F7950B5E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionStartIncluding":"0.104.0","versionEndIncluding":"0.104.2","matchCriteriaId":"FEA3B921-70F0-455E-84F0-EA08498AEB4D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*","versionEndExcluding":"1.16.3","matchCriteriaId":"2D18B72E-A39C-4355-880C-D8F56F69DEC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*","versionEndExcluding":"1.17.2","matchCriteriaId":"7EB9082D-A730-4BC0-A7C3-FD41C9B90C62"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*","versionEndExcluding":"7.5.5","matchCriteriaId":"941865DD-D900-4FF7-B94B-8A4849653E01"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*","versionStartIncluding":"1.18.0","versionEndExcluding":"1.18.2","matchCriteriaId":"F3E65C72-96CF-445D-9A4C-ED82ED79882E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*","versionStartIncluding":"1.18.0","versionEndExcluding":"1.18.2","matchCriteriaId":"30810C03-D9F9-4CD2-B276-11E9302F245C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","source":"psirt@cisco.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","source":"psirt@cisco.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","source":"psirt@cisco.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","source":"psirt@cisco.com"},{"url":"https://security.gentoo.org/glsa/202310-01","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202310-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}