CVE-2023-4508 — Vulnetix

CVE-2023-4508 PUBLISHED CVSS 5.5 MEDIUM

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

EPSS 0.04% · 11.9th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.04%

11.9th percentile

Affected Products

Vendor	Product	Versions
Gerbv	gerbv	2.4.0
gerbv_project	gerbv	2.4.0

Exploit Intelligence

https://github.com/gerbv/gerbv/issues/191 (nist-nvd)
https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a (circl)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508 (circl)

Timeline

Aug 24, 2023 CVE Published
Aug 25, 2023 EPSS Score
Sep 27, 2023 EPSS Score
Oct 30, 2023 EPSS Score
Dec 2, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 6, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 12, 2024 EPSS Score
May 15, 2024 EPSS Score
Jun 17, 2024 EPSS Score
Jul 20, 2024 EPSS Score

References

https://github.com/gerbv/gerbv/issues/191 issue
https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a patch
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508 issue
https://nvd.nist.gov/vuln/detail/CVE-2023-4508 advisory
https://github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5 url
https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html url

Open in Interactive Console →