CVE-2021-3696 | Ubuntu (original) (raw)

Publication date 6 July 2022

Last updated 18 August 2025

Cvss 3 Severity Score

Score breakdown

Description

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Severity score breakdown

CVSS version: CVSS v3.0

Base score 4.5 · Medium

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-6355-1
• GRUB2 vulnerabilities
• 8 September 2023

Other references

• https://www.openwall.com/lists/oss-security/2022/06/07/5
• https://www.cve.org/CVERecord?id=CVE-2021-3696

Access our resources on patching vulnerabilities