First published: Fri Feb 04 2022(Updated: )
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/gerbv | <=2.7.0-1+deb10u1 | 2.7.0-1+deb10u3 2.7.0-2+deb11u2 2.9.6-1 2.10.0-1 |
Gerbv Project Gerbv | =2.7.0 | |
Gerbv Project Gerbv | =2.8.0-forked_dev | |
Fedoraproject Fedora | =36 | |
Debian Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.