MGASA-2022-0176

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0176.html

Import Source

https://advisories.mageia.org/MGASA-2022-0176.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0176

Related

CVE-2021-40403

Published

2022-05-12T10:24:45Z

Modified

2022-05-12T09:37:43Z

Summary

Updated gerbv packages fix security vulnerability

Details

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40403)

References

https://advisories.mageia.org/MGASA-2022-0176.html
https://bugs.mageia.org/show_bug.cgi?id=30391
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2022-0176

Affected packages