Back to search
CVE-2021-3697
Published: Jul 6, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
| Vendor | Product | Versions |
|---|---|---|
n/a | grub2 | affected grub-2.06 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1991687
x_refsource_MISC
GLSA-202209-12
vendor-advisory
x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20220930-0001/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now