Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities by gerbv_project

    CVE-2023-4508 (GCVE-0-2023-4508)

    Vulnerability from nvd – Published: 2023-08-24 22:51 – Updated: 2024-08-02 07:31
    VLAI
    Title
    Denial of Service in Gerbv
    Summary
    A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    Impacted products
    Vendor Product Version
    Gerbv gerbv Affected: 2.4.0 , < 2.10.0 (semver)
    Create a notification for this product.
    Date Public
    2023-07-11 00:00
    Credits
    George-Andrei Iosif David Fernandez Gonzalez Eyal Soha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:05.854Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/gerbv/gerbv/issues/191"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "gerbv",
              "platforms": [
                "Linux",
                "Windows"
              ],
              "product": "gerbv",
              "repo": "https://github.com/gerbv/gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "lessThan": "2.10.0",
                  "status": "affected",
                  "version": "2.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George-Andrei Iosif"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "David Fernandez Gonzalez"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Eyal Soha"
            }
          ],
          "datePublic": "2023-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-263",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-263 Force Use of Corrupted Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-30T23:35:01.605Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/gerbv/gerbv/issues/191"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508"
            }
          ],
          "title": "Denial of Service in Gerbv"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-4508",
        "datePublished": "2023-08-24T22:51:47.669Z",
        "dateReserved": "2023-08-23T22:46:14.667Z",
        "dateUpdated": "2024-08-02T07:31:05.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40402 (GCVE-0-2021-40402)

    Vulnerability from nvd – Published: 2022-04-14 19:56 – Updated: 2025-04-15 19:07
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gerbv Gerbv Affected: 2.7.0
    Affected: dev (commit b5f1eacd)
    Create a notification for this product.
    Gerbv Gerbv forked Affected: 2.7.1
    Affected: 2.8.0
    Create a notification for this product.
    Date Public
    2022-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40402",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:19:55.105612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:07:40.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.0"
                },
                {
                  "status": "affected",
                  "version": "dev  (commit b5f1eacd)"
                }
              ]
            },
            {
              "product": "Gerbv forked",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.1"
                },
                {
                  "status": "affected",
                  "version": "2.8.0"
                }
              ]
            }
          ],
          "datePublic": "2022-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-14T19:56:14.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2022-02-28",
              "ID": "CVE-2021-40402",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "dev  (commit b5f1eacd)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Gerbv forked",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerbv"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9.3,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-755: Improper Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40402",
        "datePublished": "2022-04-14T19:56:14.140Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:07:40.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40400 (GCVE-0-2021-40400)

    Vulnerability from nvd – Published: 2022-04-14 19:56 – Updated: 2025-04-15 19:07
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gerbv Gerbv Affected: 2.7.0
    Affected: dev (commit b5f1eacd)
    Create a notification for this product.
    Gerbv Gerbv forked Affected: dev (commit d7f42a9a)
    Create a notification for this product.
    Date Public
    2022-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40400",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:19:59.087455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:07:48.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.0"
                },
                {
                  "status": "affected",
                  "version": "dev  (commit b5f1eacd)"
                }
              ]
            },
            {
              "product": "Gerbv forked",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "dev (commit d7f42a9a)"
                }
              ]
            }
          ],
          "datePublic": "2022-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-14T19:56:12.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2022-02-28",
              "ID": "CVE-2021-40400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "dev  (commit b5f1eacd)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Gerbv forked",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "dev (commit d7f42a9a)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerbv"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9.3,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40400",
        "datePublished": "2022-04-14T19:56:12.636Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:07:48.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40403 (GCVE-0-2021-40403)

    Vulnerability from nvd – Published: 2022-02-04 00:00 – Updated: 2025-04-15 19:11
    VLAI
    Summary
    An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-456 - Missing Initialization of a Variable
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 ,Gerbv forked 2.8.0 ,Gerbv dev (commit b5f1eacd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417"
              },
              {
                "name": "FEDORA-2022-e819bd191f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40403",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:20:14.983862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:11:58.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 ,Gerbv forked 2.8.0 ,Gerbv dev (commit b5f1eacd)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-456",
                  "description": "CWE-456: Missing Initialization of a Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417"
            },
            {
              "name": "FEDORA-2022-e819bd191f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40403",
        "datePublished": "2022-02-04T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:11:58.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40401 (GCVE-0-2021-40401)

    Vulnerability from nvd – Published: 2022-02-04 00:00 – Updated: 2025-04-15 19:12
    VLAI
    Summary
    A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 ,Gerbv forked 2.7.1 ,Gerbv dev (commit b5f1eacd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415"
              },
              {
                "name": "FEDORA-2022-4a3ef86baa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40401",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:20:19.999322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:12:05.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 ,Gerbv forked 2.7.1 ,Gerbv dev (commit b5f1eacd)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252: Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40401",
        "datePublished": "2022-02-04T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:12:05.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40394 (GCVE-0-2021-40394)

    Vulnerability from nvd – Published: 2021-12-22 00:00 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • out of bounds write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0,Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              },
              {
                "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0,Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out of bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T16:06:17.781Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            },
            {
              "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40394",
        "datePublished": "2021-12-22T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40393 (GCVE-0-2021-40393)

    Vulnerability from nvd – Published: 2021-12-22 00:00 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              },
              {
                "name": "FEDORA-2023-5f5bea627b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37OSNNO5N5FJZP6ZBYRJMML5HYMJQIX7/"
              },
              {
                "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T16:06:21.045Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            },
            {
              "name": "FEDORA-2023-5f5bea627b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37OSNNO5N5FJZP6ZBYRJMML5HYMJQIX7/"
            },
            {
              "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40393",
        "datePublished": "2021-12-22T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40391 (GCVE-0-2021-40391)

    Vulnerability from nvd – Published: 2021-11-19 18:53 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • CWE-390 - Detection of Error Condition Without Action
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
              },
              {
                "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
              },
              {
                "name": "FEDORA-2022-4a3ef86baa",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-390",
                  "description": "CWE-390: Detection of Error Condition Without Action",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-09T03:06:21.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
            },
            {
              "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2021-40391",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-390: Detection of Error Condition Without Action"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
                },
                {
                  "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
                },
                {
                  "name": "FEDORA-2022-4a3ef86baa",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40391",
        "datePublished": "2021-11-19T18:53:49.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4508 (GCVE-0-2023-4508)

    Vulnerability from cvelistv5 – Published: 2023-08-24 22:51 – Updated: 2024-08-02 07:31
    VLAI
    Title
    Denial of Service in Gerbv
    Summary
    A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    Impacted products
    Vendor Product Version
    Gerbv gerbv Affected: 2.4.0 , < 2.10.0 (semver)
    Create a notification for this product.
    Date Public
    2023-07-11 00:00
    Credits
    George-Andrei Iosif David Fernandez Gonzalez Eyal Soha
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:05.854Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/gerbv/gerbv/issues/191"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "gerbv",
              "platforms": [
                "Linux",
                "Windows"
              ],
              "product": "gerbv",
              "repo": "https://github.com/gerbv/gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "lessThan": "2.10.0",
                  "status": "affected",
                  "version": "2.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George-Andrei Iosif"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "David Fernandez Gonzalez"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Eyal Soha"
            }
          ],
          "datePublic": "2023-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-263",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-263 Force Use of Corrupted Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-30T23:35:01.605Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/gerbv/gerbv/issues/191"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508"
            }
          ],
          "title": "Denial of Service in Gerbv"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-4508",
        "datePublished": "2023-08-24T22:51:47.669Z",
        "dateReserved": "2023-08-23T22:46:14.667Z",
        "dateUpdated": "2024-08-02T07:31:05.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40402 (GCVE-0-2021-40402)

    Vulnerability from cvelistv5 – Published: 2022-04-14 19:56 – Updated: 2025-04-15 19:07
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gerbv Gerbv Affected: 2.7.0
    Affected: dev (commit b5f1eacd)
    Create a notification for this product.
    Gerbv Gerbv forked Affected: 2.7.1
    Affected: 2.8.0
    Create a notification for this product.
    Date Public
    2022-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40402",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:19:55.105612Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:07:40.254Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.0"
                },
                {
                  "status": "affected",
                  "version": "dev  (commit b5f1eacd)"
                }
              ]
            },
            {
              "product": "Gerbv forked",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.1"
                },
                {
                  "status": "affected",
                  "version": "2.8.0"
                }
              ]
            }
          ],
          "datePublic": "2022-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-14T19:56:14.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2022-02-28",
              "ID": "CVE-2021-40402",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "dev  (commit b5f1eacd)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Gerbv forked",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerbv"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9.3,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-755: Improper Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40402",
        "datePublished": "2022-04-14T19:56:14.140Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:07:40.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40400 (GCVE-0-2021-40400)

    Vulnerability from cvelistv5 – Published: 2022-04-14 19:56 – Updated: 2025-04-15 19:07
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gerbv Gerbv Affected: 2.7.0
    Affected: dev (commit b5f1eacd)
    Create a notification for this product.
    Gerbv Gerbv forked Affected: dev (commit d7f42a9a)
    Create a notification for this product.
    Date Public
    2022-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40400",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:19:59.087455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:07:48.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.7.0"
                },
                {
                  "status": "affected",
                  "version": "dev  (commit b5f1eacd)"
                }
              ]
            },
            {
              "product": "Gerbv forked",
              "vendor": "Gerbv",
              "versions": [
                {
                  "status": "affected",
                  "version": "dev (commit d7f42a9a)"
                }
              ]
            }
          ],
          "datePublic": "2022-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-14T19:56:12.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2022-02-28",
              "ID": "CVE-2021-40400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "dev  (commit b5f1eacd)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Gerbv forked",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "dev (commit d7f42a9a)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gerbv"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9.3,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40400",
        "datePublished": "2022-04-14T19:56:12.636Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:07:48.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40403 (GCVE-0-2021-40403)

    Vulnerability from cvelistv5 – Published: 2022-02-04 00:00 – Updated: 2025-04-15 19:11
    VLAI
    Summary
    An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-456 - Missing Initialization of a Variable
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 ,Gerbv forked 2.8.0 ,Gerbv dev (commit b5f1eacd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:10.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417"
              },
              {
                "name": "FEDORA-2022-e819bd191f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40403",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:20:14.983862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:11:58.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 ,Gerbv forked 2.8.0 ,Gerbv dev (commit b5f1eacd)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-456",
                  "description": "CWE-456: Missing Initialization of a Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417"
            },
            {
              "name": "FEDORA-2022-e819bd191f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40403",
        "datePublished": "2022-02-04T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:11:58.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40401 (GCVE-0-2021-40401)

    Vulnerability from cvelistv5 – Published: 2022-02-04 00:00 – Updated: 2025-04-15 19:12
    VLAI
    Summary
    A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 ,Gerbv forked 2.7.1 ,Gerbv dev (commit b5f1eacd)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415"
              },
              {
                "name": "FEDORA-2022-4a3ef86baa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40401",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T18:20:19.999322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T19:12:05.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 ,Gerbv forked 2.7.1 ,Gerbv dev (commit b5f1eacd)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252: Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40401",
        "datePublished": "2022-02-04T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2025-04-15T19:12:05.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40394 (GCVE-0-2021-40394)

    Vulnerability from cvelistv5 – Published: 2021-12-22 00:00 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • out of bounds write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0,Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              },
              {
                "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0,Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out of bounds write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T16:06:17.781Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            },
            {
              "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40394",
        "datePublished": "2021-12-22T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40393 (GCVE-0-2021-40393)

    Vulnerability from cvelistv5 – Published: 2021-12-22 00:00 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
              },
              {
                "name": "DSA-5306",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5306"
              },
              {
                "name": "FEDORA-2023-5f5bea627b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37OSNNO5N5FJZP6ZBYRJMML5HYMJQIX7/"
              },
              {
                "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T16:06:21.045Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404"
            },
            {
              "name": "DSA-5306",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5306"
            },
            {
              "name": "FEDORA-2023-5f5bea627b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37OSNNO5N5FJZP6ZBYRJMML5HYMJQIX7/"
            },
            {
              "name": "[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40393",
        "datePublished": "2021-12-22T00:00:00.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40391 (GCVE-0-2021-40391)

    Vulnerability from cvelistv5 – Published: 2021-11-19 18:53 – Updated: 2024-08-04 02:44
    VLAI
    Summary
    An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
    CWE
    • CWE-390 - Detection of Error Condition Without Action
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Gerbv Affected: Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:44:09.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
              },
              {
                "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
              },
              {
                "name": "FEDORA-2022-4a3ef86baa",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gerbv",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-390",
                  "description": "CWE-390: Detection of Error Condition Without Action",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-09T03:06:21.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
            },
            {
              "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "ID": "CVE-2021-40391",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gerbv",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-390: Detection of Error Condition Without Action"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
                },
                {
                  "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
                },
                {
                  "name": "FEDORA-2022-4a3ef86baa",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2021-40391",
        "datePublished": "2021-11-19T18:53:49.000Z",
        "dateReserved": "2021-09-01T00:00:00.000Z",
        "dateUpdated": "2024-08-04T02:44:09.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }