CVE-2021-36089

EUVD-2021-22722
Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
zopegrok
7.6.6 ≤
𝑥
≤ 9.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgrokj2k
bookworm
10.0.5-1
fixed
sid
10.0.5-1
fixed
trixie
10.0.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgrokj2k
bionic
dne
focal
dne
groovy
dne
hirsute
ignored
impish
ignored
jammy
dne
trusty
dne
xenial
ignored
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
https://github.com/GrokImageCompression/grok/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
https://github.com/GrokImageCompression/grok/releases
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml