CVE-2021-3696

CVSS v3 Score: 4.5 (Medium)
CVSS v2 Score: 6.9 (Medium)

Vulnerability Description

A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.

CVSS:4.5(Medium)

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and...

CVSS:4.5(Medium)

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.6...

CVSS:4.5(Medium)

Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS:4.5(Medium)

In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.

CVSS:4.5(Medium)

In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.

CVSS:4.4(Medium)

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from th...