Описание
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | does not affect Secure Boot |
| esm-infra-legacy/trusty | not-affected | does not affect Secure Boot |
| esm-infra/bionic | not-affected | does not affect Secure Boot |
| esm-infra/focal | not-affected | does not affect Secure Boot |
| esm-infra/xenial | not-affected | does not affect Secure Boot |
| focal | not-affected | does not affect Secure Boot |
| impish | ignored | end of life |
| jammy | not-affected | does not affect Secure Boot |
| kinetic | not-affected | does not affect Secure Boot |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.187.3~18.04.1 |
| devel | not-affected | 1.193 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1.187.3~18.04.1 |
| esm-infra/focal | not-affected | 1.187.3~20.04.1 |
| esm-infra/xenial | needed | |
| focal | released | 1.187.3~20.04.1 |
| jammy | released | 1.187.3~22.04.1 |
| kinetic | ignored | end of life |
| lunar | not-affected | 1.192 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.06-2ubuntu14.1 |
| devel | not-affected | 2.06-2ubuntu17 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.06-2ubuntu14.1 |
| esm-infra/focal | not-affected | 2.06-2ubuntu14.1 |
| esm-infra/xenial | needed | |
| focal | released | 2.06-2ubuntu14.1 |
| jammy | released | 2.06-2ubuntu14.1 |
| kinetic | ignored | end of life |
| lunar | not-affected | 2.06-2ubuntu16 |
Показывать по
EPSS
4.4 Medium
CVSS2
7 High
CVSS3
Связанные уязвимости
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
A crafted JPEG image may lead the JPEG reader to underflow its data po ...
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
EPSS
4.4 Medium
CVSS2
7 High
CVSS3