### [CVE-2021-3697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697)
![](https://img.shields.io/static/v1?label=Product&message=grub2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787&color=brighgreen)

### Description

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EuroLinux/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/denis-jdsouza/wazuh-vulnerability-report-maker
- https://github.com/lenovo-lux/shim-review
- https://github.com/neppe/shim-review
- https://github.com/ozun215/shim-review
- https://github.com/puzzleos/uefi-shim_review
- https://github.com/rhboot/shim-review
- https://github.com/vathpela/shim-review