Vulnerabilities > CVE-2021-3696 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1991686
- https://bugzilla.redhat.com/show_bug.cgi?id=1991686
- https://security.gentoo.org/glsa/202209-12
- https://security.gentoo.org/glsa/202209-12
- https://security.netapp.com/advisory/ntap-20220930-0001/
- https://security.netapp.com/advisory/ntap-20220930-0001/