Vulnerability Details CVE-2021-45935
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-1344.yaml
- https://github.com/osamu620/OpenHTJ2K
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-1344.yaml
- https://github.com/osamu620/OpenHTJ2K
Products affected by CVE-2021-45935
-
cpe:2.3:a:grok_project:grok:9.5.0