CVE-2022-2601

HIGH Year: 2022
CVSS v3 Score
8.6
High
Weakness Type
CWE-122
View all →

Vulnerability Description

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Related Vulnerabilities

CVE-2017-16717

HIGH
CVSS:8.6(High)

A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CWE-1222017

CVE-2021-21006

HIGH
CVSS:8.6(High)

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code executi...

CWE-1222021

CVE-2024-20259

HIGH
CVSS:8.6(High)

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of servi...

CWE-1222024

CVE-2024-56406

HIGH
CVSS:8.6(High)

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASC...

CWE-1222024

CVE-2024-39825

HIGH
CVSS:8.5(High)

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

CWE-1222024