8 matches found
CVE-2023-4508
CVE-2023-4508 affects Gerbv versions 2.4.0–2.10.0, with out-of-bounds memory access when parsing RS-274X files, causing a crash and potential denial-of-service. Connected advisories confirm the issue across distributions (Debian/Ubuntu/OpenSUSE) and indicate fixed versions in respective releases;...
CVE-2021-40401
CVE-2021-40401 affects Gerbv (RS-274X aperture definition tokenization) with a use-after-free in 2.7.0 (and forks) that an attacker can trigger via a crafted Gerber file to achieve code execution. Connected advisories confirm additional related CVEs (CVE-2021-40403 etc.) and describe the same fam...
CVE-2021-40394
Gerbv versions 2.7.0 and its development forks are affected by CVE-2021-40394 due to an out-of-bounds write in RS-274X aperture macro variables handling and an integer overflow in the outline primitive. A specially crafted Gerber file could lead to code execution. Debian’s DLA-3593-1 (and related...
CVE-2021-40393
CVE-2021-40393 is an out-of-bounds write in Gerbv’s RS-274X aperture macro variables handling, affecting Gerbv 2.7.0 (and dev) and forked versions. A crafted Gerber file can lead to code execution. The issue is documented across multiple advisories (e.g., Debian DLA-3593-1, Ubuntu USN-6209-1, Fed...
CVE-2021-40403
CVE-2021-40403 affects Gerbv: pick-and-place rotation parsing in Gerbv 2.7.0 and development fork (and 2.8.0 fork) allows memory contents disclosure due to missing initialization of a structure. A crafted Gerber file can trigger the leak. Debian/Ubuntu advisories indicate fixed packages (e.g., 2....
CVE-2021-40391
Gerbv 2.7.0, dev (commit b5f1eacd) and forks are affected by an out-of-bounds write in the drill format T-code tool number functionality, enabling code execution via a crafted drill file. Connected notes (e.g., Mageia MGASA-2022-0260 and related advisories) confirm this CVE-2021-40391 issue and d...
CVE-2021-40400
CVE-2021-40400 is an out-of-bounds read vulnerability in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and its fork. A specially crafted Gerber file can trigger information disclosure. The attack vector involves providing a malicious Gerber fi...
CVE-2021-40402
CVE-2021-40402 concerns Gerbv and its derivatives, where an out-of-bounds read in the RS-274X aperture macro multi-outline primitives can disclose information when processing a crafted Gerber/file input. Connected sources document affected versions and scope, including Gerbv, its forks, and relat...