A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.
{ "vanir_signatures": [ { "signature_type": "Function", "digest": { "length": 18672.0, "function_hash": "151035615451760703062405692972615450079" }, "signature_version": "v1", "id": "CVE-2023-4508-0116a0ce", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerber.c", "function": "parse_rs274x" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 3043.0, "function_hash": "316835375893895774265296963414226848314" }, "signature_version": "v1", "id": "CVE-2023-4508-1439a561", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerbv.c", "function": "gerbv_open_image" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 351.0, "function_hash": "224507333183998678441420757403130524877" }, "signature_version": "v1", "id": "CVE-2023-4508-d07af1bc", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerb_file.c", "function": "gerb_fclose" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "110654009997180941423980672946933617556", "93519695742929234972248247967781702943", "164351579554195883919714629243269746093", "249545581152385628296645943267019102802", "71018871993307237044543925073371649827", "245060291867875879469480287748125599040", "278006322465934607559875501828309865606" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2023-4508-e205e346", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerb_file.c" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "235595660592295673842803310219106351357", "276515810842570065798854566001758807232", "53269493975263036937840712408954927514" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2023-4508-e52c04ac", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerber.c" }, "deprecated": false }, { "signature_type": "Line", "digest": { "line_hashes": [ "270016216821826403122368986537879850246", "320375393977192736691563660731710743496", "227836266252018423921159651619380381439", "192219027457121853103605147555883976342", "278437225364960379636459867311425012539", "89618090827882968569477121499526155425", "314665246827481007757517552516868310559", "278426758206429291952462161220159418293" ], "threshold": 0.9 }, "signature_version": "v1", "id": "CVE-2023-4508-e8d4b800", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerbv.c" }, "deprecated": false }, { "signature_type": "Function", "digest": { "length": 1671.0, "function_hash": "116808694527722409682738758190605002107" }, "signature_version": "v1", "id": "CVE-2023-4508-fd42a452", "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a", "target": { "file": "src/gerb_file.c", "function": "gerb_fopen" }, "deprecated": false } ] }