CVE-2021-40403

Published: 04/02/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Product

gerbv project gerbv 2.7.0

gerbv project gerbv 2.8.0

fedoraproject fedora 36

debian debian linux 11.0

Vendor Advisories

Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed. For the stable distribution (bullseye), these problems have been fixed in version 2.7.0-2+deb11u2. We recommend that you upgrade your ger ...
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.8.1. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability ...