CVE-2021-40400Improper Restriction of Operations within the Bounds of a Memory Buffer in Gerbv

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read7 documents5 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
0.2%
top 56.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Gerbv Project GerbvDebian GerbvGerbv+1 more
Timeline
PublishedApr 14
Latest updateJul 7

Description

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

CVEListV5gerbv/gerbv_forkeddev (commit d7f42a9a)
debiandebian/gerbv< gerbv 2.9.2-1 (bookworm)
Debiangerbv_project/gerbv< 2.9.2-1+1
Ubuntugerbv_project/gerbv< 2.7.0-1ubuntu0.1+4
CVEListV5gerbv/gerbv2.7.0, dev (commit b5f1eacd)+1

🔴Vulnerability Details

3
OSV
Gerbv vulnerabilities2023-07-07
GHSA
GHSA-6c2w-p226-q9q8: An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 22022-04-15
OSV
CVE-2021-40400: An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 22022-04-14

📋Vendor Advisories

1
Debian
CVE-2021-40400: gerbv - An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline...2021

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure2022-02-24
Talos
Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure2022-02-24
CVE-2021-40400 — Debian Gerbv vulnerability | cvebase