Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918544 (CVE-2023-4508)

Summary: sci-electronics/gerbv: denial of service
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: sci-electronics
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/gerbv/gerbv/issues/191
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 18:14:24 UTC 
CVE-2023-4508:

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

Fix is in 2.10.0: https://github.com/gerbv/gerbv/releases/tag/v2.10.0