CVE-2021-40402

Summary

An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
GerbvGerbv2.7.0affected
GerbvGerbvdev (commit b5f1eacd)affected
GerbvGerbv forked2.7.1affected
GerbvGerbv forked2.8.0affected

Weaknesses

  • CWE-755: CWE-755: Improper Handling of Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References