An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404 | Exploit Third Party Advisory |
https://www.debian.org/security/2022/dsa-5306 | Third Party Advisory |
Information
Published : 2021-12-22 11:15
Updated : 2023-02-24 07:33
NVD link : CVE-2021-40393
Mitre link : CVE-2021-40393
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
debian
- debian_linux
gerbv_project
- gerbv