CVE-2021-3697

HIGH Year: 2021
CVSS v3 Score
7.0
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-787
View all →

Vulnerability Description

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Related Vulnerabilities

CVE-2016-8617

HIGH
CVSS:7.0(High)

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.

CWE-7872016

CVE-2017-0325

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-0332

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b...

CWE-7872017

CVE-2017-0453

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-0608

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-16551

HIGH
CVSS:7.0(High)

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

CWE-7872017