CVE-2023-4508
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Denial of Service in Gerbv
A user able to control file input to Gerbv, in versions between 2.4.0 and 2.10.0, can crash the application with a specially crafted Gerber RS-274X file, resulting in a denial of service.
References
- https://github.com/gerbv/gerbv/issues/191 issue-tracking
- https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a patch
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508 issue-tracking
Affected products
gerbv
- <2.10.0
Package maintainers
- @mogorman Matthew O'Gorman <mog-lists@rldn.net>