CVE-2021-3697
Severity
7.0HIGH
EPSS
0.1%
top 79.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 6
Latest updateSep 8
Description
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages5 packages
Also affects: Enterprise Linux 8.0, 8.1, 8.4, 9.0, 8.2, 8.6, Openshift Container Platform 4.10, 4.6, 4.9
🔴Vulnerability Details
4GHSA▶
GHSA-pr45-j47f-755r: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap↗2022-07-07
OSV▶
CVE-2021-3697: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap↗2022-07-06
CVEList▶
CVE-2021-3697: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap↗2022-07-06
📋Vendor Advisories
4Microsoft▶
A crafted JPEG image may lead the JPEG reader to underflow its data pointer allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some tria↗2022-07-12
Debian▶
CVE-2021-3697: grub2 - A crafted JPEG image may lead the JPEG reader to underflow its data pointer, all...↗2021