CVE-2021-36089

Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
zopegrok
7.6.6 ≤
𝑥
≤ 9.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgrokj2k
sid
10.0.5-1
fixed
trixie
10.0.5-1
fixed
bookworm
10.0.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgrokj2k
jammy
dne
impish
ignored
hirsute
ignored
groovy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
https://github.com/GrokImageCompression/grok/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
https://github.com/GrokImageCompression/grok/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml