Headline
CVE-2023-4508: fix: Out-of-bounds memory access of filename. · gerbv/gerbv@dfb5aac
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.
Expand Up
@@ -507,9 +507,6 @@ gerbv_open_image(gerbv_project_t *gerbvProject, gchar const* filename, int idx,
return -1;
}
/* Store filename info fd for further use */
fd->filename = g_strdup(filename);
dprintf(“In open_image, successfully opened file. Now check its type…\n”);
/* Here’s where we decide what file type we have */
/* Note: if the file has some invalid characters in it but still appears to
Expand Down Expand Up
@@ -578,7 +575,6 @@ gerbv_open_image(gerbv_project_t *gerbvProject, gchar const* filename, int idx,
parsed_image = NULL;
}
g_free(fd->filename);
gerb_fclose(fd);
if (parsed_image == NULL) {
return -1;
Expand Down
Related news
Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.