Name of the Vulnerable Software and Affected Versions:

grub2 (affected versions not specified)

Description:

The issue arises when rendering certain unicode sequences, as grub2's font code does not properly validate if the informed glyph's width and height is constrained within bitmap size. This allows an attacker to craft an input that leads to an out-of-bounds write into grub2's heap, resulting in memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out. The vulnerability can be exploited by remote attackers to execute arbitrary code and impact the system.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.