Package "gerbv"

Name: gerbv
Description: Gerber file viewer (only RS 274 X format)
Latest version: 2.7.0-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://sourceforge.net/projects/gerbv/

Changelog
gerbv (2.7.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Specially crafted input files can cause Gerbv to crash.
    - debian/patches/0003-fix-Out-of-bounds-memory-access-of-filename.patch:
      Fixes out-of-bounds memory access of filename.
    - CVE-2023-4508

 -- Chris Kim <email address hidden> Tue, 23 Apr 2024 15:37:14 -0700

CVE-2023-4508
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted

gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write when processing T code
    - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
      invalid tool number in src/drill.c.
    - CVE-2021-40391
  * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
    - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
      used when pushing and popping from memory in src/gerber.c.
    - CVE-2021-40393
  * SECURITY UPDATE: integer overflow when processing RS-274X files
    - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
      can produce an integer overflow in src/gerber.c.
    - CVE-2021-40394
  * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
    - debian/patches/CVE-2021-40400.patch: Limits the read location to the
      intentionally readable memory in src/gerber.c.
    - CVE-2021-40400
  * SECURITY UPDATE: use after free when processing RS-274X definitions
    - debian/patches/CVE-2021-40401.patch: Checks a function parsing
      strings to not return NULL in src/gerber.c.
    - CVE-2021-40401
  * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
    - debian/patches/CVE-2021-40403.patch: Checks the return code of a
      sscanf call in src/pick-and-place.c.
    - CVE-2021-40403

 -- George-Andrei Iosif <email address hidden> Wed, 05 Jul 2023 17:10:48 +0300

CVE-2021-40391
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forke

CVE-2021-40393
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) a

CVE-2021-40394
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) a

CVE-2021-40400
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and

CVE-2021-40401
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerb

CVE-2021-40403
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Ger