CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Percentile: 19.6%
libgerbv.so is vulnerable to denial of service (DoS). The vulnerability is an out-of-bounds memory violation caused by the way Gerber RS-274X filenames are parsed. The filename variable is not properly freed, which can cause it to overflow its memory bounds and crash Gerbv.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508
github.com/advisories/GHSA-m4qj-9cr4-hrw4
github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
github.com/gerbv/gerbv/commit/dfb5aac533a3f9e8ccd93ca217a753258cba4fe5
github.com/gerbv/gerbv/issues/191
lists.debian.org/debian-lts-announce/2023/09/msg00040.html