Lucene search

11 matches found

SUSE CVE
added 2023/02/15 3:48 a.m. | 2 views

SUSE CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS 7.5 | AI score 8.5 | EPSS 0.00067 | Exploits 0 | References 24
Tenable Nessus
added 2022/07/14 12:0 a.m. | 38 views

Oracle Linux 9 : grub2 (ELSA-2022-9596)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9596 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...

CVSS 8.1 | AI score 6.6 | EPSS 0.00151 | Exploits 0 | References 9
UbuntuCve
added 2022/07/06 4:15 p.m. | 31 views

CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS 7 | AI score 7.1 | EPSS 0.00067 | Exploits 0 | References 3
Prion
added 2022/07/06 4:15 p.m. | 26 views

Design/Logic Flaw

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For an attack to succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

CVSS 4.4 | AI score 8.2 | EPSS 0.00067 | Exploits 0 | References 3 | Affected Software 11
CVE
added 2022/07/06 3:6 p.m. | 184 views

CVE-2021-3697

CVE-2021-3697 is a grub2 JPEG handling vulnerability where crafting a JPEG image may cause a heap underflow in the JPEG reader, enabling data corruption and potentially code execution or secure-boot circumvention. It affects grub2 versions prior to the fixed release (notably legacy references to ...

CVSS 7 | AI score 7.6 | EPSS 0.00067 | Exploits 0 | References 3 | Affected Software 1
Veracode
added 2022/06/15 4:10 p.m. | 27 views

Remote Code Execution (RCE)

grub2 is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the data pointer of the JPEG reader allowing an attacker to inject maliciously crafted script into the system via a crafted JPEG image...

CVSS 7 | AI score 7.3 | EPSS 0.00067 | Exploits 0 | References 4 | Affected Software 3
OSV
added 2017/08/18 5:46 a.m. | 2 views

USN-3396-1 openjdk-7 vulnerabilities

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...

CVSS 9.6 | AI score 7.1 | EPSS 0.02386 | Exploits 0 | References 21
OSV
added 2017/07/26 8:42 p.m. | 2 views

USN-3366-1 openjdk-8 vulnerabilities

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...

CVSS 9.6 | AI score 7.1 | EPSS 0.02386 | Exploits 0 | References 25
OpenVAS
added 2017/01/13 12:0 a.m. | 21 views

ImageMagick Memory Corruption Vulnerability (Jan 2017) - Windows

ImageMagick is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.8 | AI score 8.8 | EPSS 0.00263 | Exploits 0 | References 3
RedHat Linux
added 2013/12/05 5:32 p.m. | 0 views

OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...

CVSS 10 | AI score 6.8 | EPSS 0.10705 | Exploits 0 | References 5
RedHat Linux
added 2013/11/07 4:45 p.m. | 2 views

OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...

CVSS 10 | AI score 6.8 | EPSS 0.10705 | Exploits 0 | References 5