CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

References

Affected packages

Debian:11 / gerbv

Package

Name: gerbv
Purl: pkg:deb/debian/gerbv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.0-2

2.7.0-2+deb11u1

2.7.0-2+deb11u2

2.7.1-1

2.8.0-1

2.8.1-1

2.8.2-1

2.9.2-1

2.9.3-1

2.9.4-1

2.9.5-1

2.9.6-1

2.9.8-1

2.10.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gerbv

Package

Name: gerbv
Purl: pkg:deb/debian/gerbv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.6-1

2.9.8-1

2.10.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gerbv

Package

Name: gerbv
Purl: pkg:deb/debian/gerbv?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.0-1

Affected versions

2.*

2.9.6-1

2.9.8-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/gerbv/gerbv

Affected ranges

Type: GIT
Repo: https://github.com/gerbv/gerbv
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5517e22250e935dc7f86f64ad414aeae3dbcb36a

Affected versions

Other

gerbv-2-7-RELEASE

gerbv-2-8-0-RC-1

v2.*

v2.6.1

v2.7.0

v2.8.0

v2.8.0-rc.1

v2.8.1

v2.8.1-rc.1

v2.8.2

v2.8.2-rc.1

v2.9.0

v2.9.0-rc.1

v2.9.1

v2.9.1-rc.1

v2.9.2

v2.9.2-rc.1

v2.9.3

v2.9.3-rc.1

v2.9.4

v2.9.4-rc.1

v2.9.5

v2.9.5-rc.1

v2.9.6

v2.9.6-rc.1

v2.9.7

v2.9.7-rc.1

v2.9.8

v2.9.8-rc.1