CVE-2021-40394 — Vulnetix

CVE-2021-40394 PUBLISHED CVSS 10 CRITICAL

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

EPSS 0.55% · 68.5th percentile

Risk Scores

CVSS 3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.55%

68.5th percentile

Affected Products

Vendor	Product	Versions
n/a	Gerbv	Gerbv 2.7.0,Gerbv dev (commit b5f1eacd), Gerbv forked dev (commit 71493260)
gerbv_project	gerbv	2.7.0
debian	debian_linux	9.0, 10.0, 11.0

Exploit Intelligence

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404 (nist-nvd)
DSA-5306 (circl)
[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update (circl)

Timeline

Dec 22, 2021 CVE Published
Dec 23, 2021 EPSS Score
Feb 15, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jul 28, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 13, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Mar 2, 2023 EPSS Score
Apr 25, 2023 EPSS Score
Jun 18, 2023 EPSS Score
Aug 11, 2023 EPSS Score

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404 url
DSA-5306 vendor-advisory
[debian-lts-announce] 20230930 [SECURITY] [DLA 3593-1] gerbv security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2021-40394 advisory

Open in Interactive Console →