CVE-2023-4508

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4508
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4508.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-4508
Published
2023-08-24T23:15:09Z
Modified
2025-09-16T07:32:32.229170Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and a denial of service with a specially crafted Gerber RS-274X file.

Affected packages

Debian:11 / gerbv

Package

Name
gerbv
Purl
pkg:deb/debian/gerbv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

2.*

2.7.0-2
2.7.0-2+deb11u1
2.7.0-2+deb11u2
2.7.1-1
2.8.0-1
2.8.1-1
2.8.2-1
2.9.2-1
2.9.3-1
2.9.4-1
2.9.5-1
2.9.6-1
2.9.8-1
2.10.0-1
2.10.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gerbv

Package

Name
gerbv
Purl
pkg:deb/debian/gerbv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

2.*

2.9.6-1
2.9.8-1
2.10.0-1
2.10.0-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gerbv

Package

Name
gerbv
Purl
pkg:deb/debian/gerbv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.10.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / gerbv

Package

Name
gerbv
Purl
pkg:deb/debian/gerbv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.10.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/gerbv/gerbv

Affected ranges

Type
GIT
Repo
https://github.com/gerbv/gerbv
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

Other

gerbv-2-7-RELEASE
gerbv-2-8-0-RC-1

v2.*

v2.6.1
v2.7.0
v2.8.0
v2.8.0-rc.1
v2.8.1
v2.8.1-rc.1
v2.8.2
v2.8.2-rc.1
v2.9.0
v2.9.0-rc.1
v2.9.1
v2.9.1-rc.1
v2.9.2
v2.9.2-rc.1
v2.9.3
v2.9.3-rc.1
v2.9.4
v2.9.4-rc.1
v2.9.5
v2.9.5-rc.1
v2.9.6
v2.9.6-rc.1
v2.9.7
v2.9.7-rc.1
v2.9.8
v2.9.8-rc.1

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "length": 18672.0,
                "function_hash": "151035615451760703062405692972615450079"
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-0116a0ce",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerber.c",
                "function": "parse_rs274x"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 3043.0,
                "function_hash": "316835375893895774265296963414226848314"
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-1439a561",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerbv.c",
                "function": "gerbv_open_image"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 351.0,
                "function_hash": "224507333183998678441420757403130524877"
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-d07af1bc",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerb_file.c",
                "function": "gerb_fclose"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "110654009997180941423980672946933617556",
                    "93519695742929234972248247967781702943",
                    "164351579554195883919714629243269746093",
                    "249545581152385628296645943267019102802",
                    "71018871993307237044543925073371649827",
                    "245060291867875879469480287748125599040",
                    "278006322465934607559875501828309865606"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-e205e346",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerb_file.c"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "235595660592295673842803310219106351357",
                    "276515810842570065798854566001758807232",
                    "53269493975263036937840712408954927514"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-e52c04ac",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerber.c"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "270016216821826403122368986537879850246",
                    "320375393977192736691563660731710743496",
                    "227836266252018423921159651619380381439",
                    "192219027457121853103605147555883976342",
                    "278437225364960379636459867311425012539",
                    "89618090827882968569477121499526155425",
                    "314665246827481007757517552516868310559",
                    "278426758206429291952462161220159418293"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-e8d4b800",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerbv.c"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "digest": {
                "length": 1671.0,
                "function_hash": "116808694527722409682738758190605002107"
            },
            "signature_version": "v1",
            "id": "CVE-2023-4508-fd42a452",
            "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
            "target": {
                "file": "src/gerb_file.c",
                "function": "gerb_fopen"
            },
            "deprecated": false
        }
    ]
}