CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.

  • Published: Jul 6, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-3697
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7
  • AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.4
  • AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software | From | Fixed in
redhat / openshift | 3.0 | 3.0.x
redhat / enterprise_linux | 8.0 | 8.0.x
redhat / developer_tools | 1.0 | 1.0.x
redhat / enterprise_linux | 8.1 | 8.1.x
redhat / enterprise_linux_eus | 8.2 | 8.2.x
redhat / enterprise_linux_server_tus | 8.2 | 8.2.x
redhat / enterprise_linux_server_aus | 8.2 | 8.2.x
redhat / enterprise_linux_server_tus | 8.4 | 8.4.x
redhat / enterprise_linux_eus | 8.4 | 8.4.x
redhat / enterprise_linux_server_aus | 8.4 | 8.4.x
redhat / enterprise_linux_for_power_little_endian_eus | 8.2 | 8.2.x
redhat / enterprise_linux_for_power_little_endian | 8.0 | 8.0.x
redhat / enterprise_linux_for_power_little_endian_eus | 8.4 | 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 | 8.1.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 | 8.2.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 | 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 | 8.6.x
redhat / enterprise_linux_server_aus | 8.6 | 8.6.x
redhat / enterprise_linux_server_tus | 8.6 | 8.6.x
redhat / enterprise_linux_eus | 8.6 | 8.6.x
redhat / enterprise_linux_for_power_little_endian_eus | 8.6 | 8.6.x
redhat / enterprise_linux | 9.0 | 9.0.x
redhat / enterprise_linux | 8.4 | 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.0 | 9.0.x
redhat / enterprise_linux_for_power_little_endian_eus | 9.0 | 9.0.x
redhat / enterprise_linux_for_power_little_endian | 9.0 | 9.0.x
redhat / enterprise_linux_eus | 9.0 | 9.0.x
redhat / openshift_container_platform | 4.6 | 4.6.x
redhat / openshift_container_platform | 4.9 | 4.9.x
redhat / openshift_container_platform | 4.10 | 4.10.x
gnu / grub2 | 2.00 | 2.12