PUBLIC MIRROR A read-only public view of Anvil. Only publicly-disclosed findings are shown; the Playbook, techniques, sessions and embargoed research are hidden.


📖 Grok

active v20.3.4 (commit 432a2a5) github.com/GrokImageCompression/grok owner: ariel
Research headroom: 25%
Modules examined: 15/16
Findings: 14 · 0 CVEs

Disclosed findings (14, 0 CVEs)

More vulnerabilities will appear here as they are patched and publicly disclosed.

| ID | Title | Class | Severity | Evidence | Status | CVE | Discovered |
|---|---|---|---|---|---|---|---|
| GROK-0008 | PNM writer: packed_row_bytes/packer precision mismatch in streaming-strip output → heap overflow for precision not in {8,16} | oob-write | low | static | confirmed | | 2026-06-16 |
| GROK-0003 | MJ2 box parser: headerSize underflow in read_url/read_urn yields heap out-of-bounds read | oob-read | low | static | confirmed | | 2026-06-16 |
| GROK-0001 | BMP reader: stack buffer overflow in readInfoHeader (biSize read into fixed buffer before validation) | oob-write | high | harness | harness-verified | | 2026-06-16 |
| GROK-0002 | BMP reader: heap out-of-bounds read in RLE8/RLE4 decoders (input pointer never bounded by biSizeImage) | oob-read | medium | harness | harness-verified | | 2026-06-16 |
| GROK-0004 | JPEG reader: stack buffer overflow on CMYK/YCCK (4-component) JPEG — fixed [3] arrays indexed by output_components | oob-write | high | harness | harness-verified | | 2026-06-16 |
| GROK-0005 | TIFF reader: heap out-of-bounds read when component count (photometric+extrasamples) exceeds SamplesPerPixel | oob-read | medium | harness | harness-verified | | 2026-06-16 |
| GROK-0006 | TileProcessor: use-after-free of an LRU-evicted Tile on re-decompress (reinitForReDecompress) | use-after-free | high | harness | harness-verified | | 2026-06-16 |
| GROK-0007 | MJ2: sample offset/size from STCO/STSZ used as a raw file pointer with no bounds check → out-of-bounds read | oob-read | high | harness | harness-verified | | 2026-06-16 |
| GROK-0009 | MJ2 STTS: unbounded samples_count_ drives ~4 billion allocations (decompression bomb / DoS) + num_samples_ overflow | dos | low | harness | harness-verified | | 2026-06-16 |
| GROK-0010 | Decompress strip composite: first-tile-row buffer under-allocated vs interior tile-row height → heap OOB write | oob-write | high | harness | harness-verified | | 2026-06-16 |
| GROK-0011 | JP2 asoc box: unbounded nesting recursion in read_asoc → stack-exhaustion DoS | dos | medium | harness | harness-verified | | 2026-06-16 |
| GROK-0012 | HTJ2K SIMD decoder: MagSgn frwd_read 16-byte vector load over-reads the 8-byte-padded code-block buffer | oob-read | low | static | confirmed | | 2026-06-16 |
| GROK-0013 | MJ2 read_url/read_urn: NULL-pointer dereference of current_track_ when a dref/url box has no preceding tkhd | dos | low | harness | harness-verified | | 2026-06-16 |
| GROK-0014 | Wavelet: unbounded DWT scratch-pool allocation from attacker tile dimension → memory-exhaustion DoS | dos | medium | harness | harness-verified | | 2026-06-16 |

Attack surface & downstream impact

Attack surface

- J2K codestream / marker parsing
- JP2 file-format box parsing
- Tier-1 block coding (Part 1) + HTJ2K (Part 15)
- MQ arithmetic coder
- Tier-2 packet coding & quantization
- wavelet transform (DWT)
- tile / canvas (precinct / resolution / subband) geometry
- threaded scheduling
- codec image-format I/O

Downstream impact

- Applications choosing Grok for high-throughput JPEG 2000 / HTJ2K
- Geospatial / remote-sensing pipelines (large-image JP2)
- PDF / document and medical-imaging toolchains

Disclosure timeline (14)
Finding Reported Vendor ack Public Patched in
GROK-0008 2026-06-23 2026-06-24
GROK-0003 2026-06-23 2026-06-24
GROK-0001 2026-06-23 2026-06-24
GROK-0002 2026-06-23 2026-06-24
GROK-0004 2026-06-23 2026-06-24
GROK-0005 2026-06-23 2026-06-24
GROK-0006 2026-06-23 2026-06-24
GROK-0007 2026-06-23 2026-06-24
GROK-0009 2026-06-23 2026-06-24
GROK-0010 2026-06-23 2026-06-24
GROK-0011 2026-06-23 2026-06-24
GROK-0012 2026-06-23 2026-06-24
GROK-0013 2026-06-23 2026-06-24
GROK-0014 2026-06-23 2026-06-24