NotCVE - vendor:"Gerbv Project" product:"Gerbv"

8 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-4508 – Denial of Service in Gerbv

https://notcve.org/view.php?id=CVE-2023-4508

24 Aug 2023 — A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508 • CWE-824: Access of Uninitialized Pointer •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-40402

https://notcve.org/view.php?id=CVE-2021-40402

14 Apr 2022 — An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de lectura fuera de límites en la funcionalidad de primitivas de contorno múltiple de la macro RS-274X de Gerbv versiones 2.7.0 y dev (commit b5f1eacd... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416 • CWE-125: Out-of-bounds Read CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2021-40400

https://notcve.org/view.php?id=CVE-2021-40400

14 Apr 2022 — An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de lectura fuera de límites en la funcionalidad primitiva del contorno de la macro RS-274X de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y la... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-40401 – Debian Security Advisory 5306-1

https://notcve.org/view.php?id=CVE-2021-40401

04 Feb 2022 — A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad RS-274X aperture definition tokenization de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y Gerbv forked versión 2.7.1. Un ar... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47 • CWE-252: Unchecked Return Value •

CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-40403 – Debian Security Advisory 5306-1

https://notcve.org/view.php?id=CVE-2021-40403

04 Feb 2022 — An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad pick-and-place rotation parsing de Gerbv versiones 2.7.0 y dev (commit b5f... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C • CWE-456: Missing Initialization of a Variable CWE-909: Missing Initialization of Resource •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-40393 – Debian Security Advisory 5306-1

https://notcve.org/view.php?id=CVE-2021-40393

22 Dec 2021 — An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad aperture macro variables handling de RS-274X de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y la v... • https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-40394 – Debian Security Advisory 5306-1

https://notcve.org/view.php?id=CVE-2021-40394

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1

CVE-2021-40391 – Ubuntu Security Notice USN-6209-1

https://notcve.org/view.php?id=CVE-2021-40391

19 Nov 2021 — An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad drill format T-code tool number de Gerbv versión 2.7.0, dev (commit b5f1eacd), y la versión forked de Gerbv (comm... • https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •