cvedb.io
CVE-2022-3775
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2022-12-19T20:15:11.427 · Last modified 2026-06-17T05:00:17.087

Summary

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

Affected products

gnu — grub2

Does this affect you?

Add your gear to cvedb and we'll alert you only when gnu ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.