vulnerability

Arch Linux: Arbitrary code execution (CVE-2021-3696)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Jul 6, 2022	Jul 11, 2025	Jan 16, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 6, 2022

Added

Jul 11, 2025

Modified

Jan 16, 2026

Description

A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention.

Solution

arch-linux-upgrade-latest

References

CVE-2021-3696
https://attackerkb.com/topics/CVE-2021-3696
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1991686
URL-https://security.gentoo.org/glsa/202209-12
URL-https://security.netapp.com/advisory/ntap-20220930-0001/
CWE-787

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today