CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.0004 Low (Percentile: 10.5%)

libgerbv.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability is an out-of-bounds memory violation caused by the way Gerber RS-274X filenames are parsed. The filename variable is not properly freed, which can cause it to overflow its memory bounds and crash Gerbv.

CPE

Name | Operator | Version
---|---|---
libgerbv.so | le | 1.0.9
gerbv:sid | eq | 2.7.0-2

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508
github.com/advisories/GHSA-m4qj-9cr4-hrw4
github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5
github.com/gerbv/gerbv/issues/191
lists.debian.org/debian-lts-announce/2023/09/msg00040.html