First published: Fri Feb 04 2022(Updated: )
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/gerbv | <=2.7.0-1+deb10u1 | 2.7.0-1+deb10u3 2.7.0-2+deb11u2 2.9.6-1 2.10.0-1 |
Gerbv Project Gerbv | =2.7.0 | |
Gerbv Project Gerbv | =2.7.1-forked_dev | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.