PT-2022-11230 · Gerbv+3

Claudio Bozzato · Published 2022-02-04 · Updated 2024-12-25 · CVE-2021-40401

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Gerbv versions 2.7.0 through 2.7.1
Gerbv dev (commit b5f1eacd)

Description

A use-after-free issue exists in the RS-274X aperture definition tokenization functionality. This can be triggered by a specially-crafted gerber file, potentially leading to code execution. An attacker can exploit this by providing a malicious file.

Recommendations

For Gerbv versions 2.7.0 through 2.7.1, consider avoiding the use of the RS-274X aperture definition tokenization functionality until a patch is available. For Gerbv dev (commit b5f1eacd), restrict the processing of gerber files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Unchecked Return Value

Related Identifiers

ALT-PU-2024-17464
ALT-PU-2024-17535
CVE-2021-40401
DLA-3210-1
DSA-5306-1
MGASA-2022-0260
OPENSUSE-SU-2024:12527-1
USN-6209-1

Affected Products

Alt Linux
Gerbv
Linuxmint
Ubuntu