Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EuroLinux/shim-review
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/denis-jdsouza/wazuh-vulnerability-report-maker
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/lenovo-lux/shim-review
- https://github.com/neppe/shim-review
- https://github.com/ozun215/shim-review
- https://github.com/puzzleos/uefi-shim_review
- https://github.com/rhboot/shim-review
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review