VDB
CVE-2021-40393
CVE-2021-40393
PUBLISHED
CVSS 10 CRITICAL
Reported by talos · Published December 22, 2021
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Risk Scores
CVSS 3.0
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Gerbv | Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260) |
| n/a | Gerbv | Gerbv 2.7.0, Gerbv dev (commit b5f1eacd),Gerbv forked dev (commit 71493260) |
Exploit Intelligence
Timeline
- Dec 22, 2021 CVE Published
- Dec 23, 2021 EPSS Score
- Feb 15, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jul 28, 2022 EPSS Score
- Sep 20, 2022 EPSS Score
- Nov 13, 2022 EPSS Score
- Jan 6, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- Jun 18, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
References
- DSA-5306 vendor-advisory
- FEDORA-2023-5f5bea627b vendor-advisory
- [debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update mailing-list