832737 – (CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401, CVE-2021-40403) sci-electronics/gerbv: multiple vulnerabilities

Bug 832737 (CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401, CVE-2021-40403) - sci-electronics/gerbv: multiple vulnerabilities

Summary: sci-electronics/gerbv: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401, CVE-2021-40403

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2022-02-05 04:26 UTC by John Helmert III
Modified:	2024-04-21 22:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-02-05 04:26:46 UTC

CVE-2021-40401 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415):

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40403 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417):

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

Of course, Talos says the vendor has patched but no links.

Comment 1 John Helmert III archtester

2022-08-17 16:54:07 UTC

Description:
Seems like Talos reported a bunch of vulnerabilities over the course of several months, though one can only find that these were fixed via the gerbv releases page, rather than with CVE references.

https://github.com/gerbv/gerbv/releases

CVE-2021-40391 (https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402):

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40394 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404):

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40393 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404):

CVE-2021-40400 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413):

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Comment 2 John Helmert III archtester

2022-08-17 17:19:07 UTC

So, fixes are in 2.9.2.

Comment 3 Hans de Graaff gentoo-dev

2023-10-20 09:28:31 UTC

Ping. Please add gerbv-2.9.2 or newer to fix these security issues.