CVE-2021-3695: GRUB2 PNG 16-bit grayscale heap overflow (stride mismatch)
1235061b-89ed-4df0-a27d-5b2ffa370dc6
CVE-2021-3695: Heap buffer overflow in GRUB2's PNG image loader (grub-core/video/readers/png.c) when processing crafted 16-bit grayscale PNG images without alpha. grub_png_convert_image() advances the destination pointer by 4 bytes per pixel for 16-bit gray images, but the destination bitmap is allocated as RGB_888 (3 bytes/pixel), causing a heap OOB write of width*height bytes past the bitmap buffer.
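
The stride mismatch described above, as an added example (not GRUB's code and not part of the original entry): cursor_overshoot() computes how far a destination cursor ends up past the allocation, and gray16_to_rgb888() is a hypothetical hardened converter whose step is tied to the destination format. The function names, the buffer-length parameters and the choice to keep only the high byte of each sample are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RGB888_BPP 3u  /* destination format named in the entry: 3 bytes/pixel */

/* How far the destination cursor ends up past the allocation after `pixels`
 * iterations of `step` bytes each, when `bpp` bytes/pixel were allocated. */
size_t cursor_overshoot(size_t pixels, size_t step, size_t bpp)
{
    return step > bpp ? pixels * (step - bpp) : 0;
}

/* Hardened conversion (illustrative): the step is derived from the
 * destination format and every size is checked before the first write.
 * Assumption: each big-endian 16-bit gray sample is reduced to its high
 * byte and replicated into R, G and B.
 * Returns 0 on success, -1 if the buffers cannot hold the image. */
int gray16_to_rgb888(const uint8_t *src, size_t src_len,
                     uint8_t *dst, size_t dst_len,
                     size_t width, size_t height)
{
    if (width != 0 && height > SIZE_MAX / width)
        return -1;                           /* width*height would overflow */
    size_t pixels = width * height;
    if (pixels > SIZE_MAX / RGB888_BPP)
        return -1;                           /* byte count would overflow */
    if (src_len / 2 < pixels || dst_len < pixels * RGB888_BPP)
        return -1;                           /* source or destination too small */

    for (size_t i = 0; i < pixels; i++) {
        uint8_t g = src[2 * i];              /* high byte of the 16-bit sample */
        uint8_t *p = dst + i * RGB888_BPP;   /* stride matches the allocation */
        p[0] = g;
        p[1] = g;
        p[2] = g;
    }
    return 0;
}
```

With a step of 4 and an allocation of 3 bytes per pixel, cursor_overshoot() returns exactly width*height, the figure given in the entry.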