CVE-2021-40403

Summary

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aGerbvGerbv 2.7.0 ,Gerbv forked 2.8.0 ,Gerbv dev (commit b5f1eacd)affected

Weaknesses

  • CWE-456: CWE-456: Missing Initialization of a Variable

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References