Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 832737 (CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401, CVE-2021-40403) - sci-electronics/gerbv: multiple vulnerabilities
Summary: sci-electronics/gerbv: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, CVE-2021-40400, CVE-2021-40401, CVE-2021-40403
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [ebuild?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-02-05 04:26 UTC by John Helmert III
Modified: 2022-08-17 17:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-05 04:26:46 UTC
CVE-2021-40401 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415):

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40403 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417):

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

Of course, Talos says the vendor has patched but no links.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 16:54:07 UTC
Description:
Seems like Talos reported a bunch of vulnerabilities over the course of several months, though one can only find that these were fixed via the gerbv releases page, rather than with CVE references.

https://github.com/gerbv/gerbv/releases

CVE-2021-40391 (https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402):

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40394 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404):

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40393 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404):

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40400 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413):

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 17:19:07 UTC
So, fixes are in 2.9.2.