Boletines de Vulnerabilidades

ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022


Información sobre el sistema

   
Software afectado Cisco

Descripción

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory is available at the

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=ClamAV%20TIFF%20File%20Parsing%20Denial%20of%20Service%20Vulnerability%20Affecting%20Cisco%20Products:%20May%202022&vs_k=1

Identificadores estándar

Propiedad Valor
CVE CVE-2022-20771.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2022-12-23

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT