CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

Published: Aug 25, 2023
Updated: Aug 30, 2023
CVE: CVE-2023-4508
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-824

Affected Software
References

Software	From	Fixed in
gerbv_project / gerbv	2.4.0	2.10.0.x

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508
https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
https://github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5
https://github.com/gerbv/gerbv/issues/191
https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html

Vulnerability Database

CVE-2023-4508