UbuntuUpdates.org

Package "gerbv"

Name: gerbv

Description:

Gerber file viewer (only RS 274 X format)

Latest version: 2.7.0-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://sourceforge.net/projects/gerbv/

Other versions of "gerbv" in Focal

Repository Area Version
base universe 2.7.0-1
updates universe 2.7.0-1ubuntu0.2

Changelog

Version: 2.7.0-1ubuntu0.2 2024-04-29 22:06:59 UTC

  gerbv (2.7.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Specially crafted input files can cause Gerbv to crash.
    - debian/patches/0003-fix-Out-of-bounds-memory-access-of-filename.patch:
      Fixes out-of-bounds memory access of filename.
    - CVE-2023-4508

 -- Chris Kim <email address hidden> Tue, 23 Apr 2024 15:37:14 -0700

CVE-2023-4508 A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted

Version: 2.7.0-1ubuntu0.1 2023-07-06 19:07:02 UTC

  gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write when processing T code
    - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
      invalid tool number in src/drill.c.
    - CVE-2021-40391
  * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
    - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
      used when pushing and popping from memory in src/gerber.c.
    - CVE-2021-40393
  * SECURITY UPDATE: integer overflow when processing RS-274X files
    - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
      can produce an integer overflow in src/gerber.c.
    - CVE-2021-40394
  * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
    - debian/patches/CVE-2021-40400.patch: Limits the read location to the
      intentionally readable memory in src/gerber.c.
    - CVE-2021-40400
  * SECURITY UPDATE: use after free when processing RS-274X definitions
    - debian/patches/CVE-2021-40401.patch: Checks a function parsing
      strings to not return NULL in src/gerber.c.
    - CVE-2021-40401
  * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
    - debian/patches/CVE-2021-40403.patch: Checks the return code of a
      sscanf call in src/pick-and-place.c.
    - CVE-2021-40403

 -- George-Andrei Iosif <email address hidden> Wed, 05 Jul 2023 17:10:48 +0300

CVE-2021-40391 An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forke
CVE-2021-40393 An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) a
CVE-2021-40394 An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) a
CVE-2021-40400 An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and
CVE-2021-40401 A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerb
CVE-2021-40403 An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Ger


