CVE-2021-36089

Опубликовано: 01 июл. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/GrokImageCompression/grok/releases
Release Notes
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/GrokImageCompression/grok/releases
Release Notes
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:zope:grok:*:*:*:*:*:*:*:*

Версия от 7.6.6 (включая) до 9.2.0 (включая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00409

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-36089

CVSS3: 7.8

ubuntu

больше 4 лет назад

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).

CVE-2021-36089

CVSS3: 7.8

debian

больше 4 лет назад

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...

GHSA-j6x3-x857-7j5x

github

больше 3 лет назад

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).

EPSS

Процентиль: 61%

0.00409

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787