DEBIAN-CVE-2021-3697

DEBIAN-CVE-2021-3697 PUBLISHED CVSS 7 HIGH

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	grub2	0, 0, 0
Debian:12	grub2	0, 0, 0
Debian:13	grub2	0, 0, 0
Debian:11	grub2	2.06-2, 2.06-2, 2.06-2

Timeline

Jul 6, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-3697 advisory

Open in Interactive Console →