Headline
Debian Security Advisory 5306-1
Debian Linux Security Advisory 5306-1 - Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.
Debian Security Advisory DSA-5306-1                        [email protected]
https://www.debian.org/security/                        Salvatore Bonaccorso
December 27, 2022                        https://www.debian.org/security/faq

Package : gerbv
CVE ID : CVE-2021-40393 CVE-2021-40394 CVE-2021-40401 CVE-2021-40403

Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.

For the stable distribution (bullseye), these problems have been fixed in version 2.7.0-2+deb11u2.

We recommend that you upgrade your gerbv packages.

For the detailed security status of gerbv please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/gerbv

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.