Vulnerability Details CVE-2021-36089
Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
- https://github.com/GrokImageCompression/grok/releases
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
- https://github.com/GrokImageCompression/grok/releases
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
Products affected by CVE-2021-36089
-
cpe:2.3:a:zope:grok:*
-
cpe:2.3:o:linux:linux_kernel:-