Debian 10 Buster DLA-3210-1 Critical: Gerbv Execution Risk & Info Leak
debian lts
November 28, 2022
Two vulnerabilities were discovered gerbv, a Gerber file viewer
Topics Covered
Summary
* CVE-2021-40401: A use-after-free vulnerability existed in the
RS-274X aperture definition tokenization functionality. A
specially-crafted gerber file could have led to code execution.
* CVE-2021-40403: An information disclosure vulnerability existed in
the pick-and-place rotation parsing functionality. A
specially-crafted pick-and-place file could have exploited the
missing initialization of a structure in order to leak memory
contents.
For Debian 10 buster, these problems have been fixed in version
2.7.0-1+deb10u2.
We recommend that you upgrade your gerbv packages.
For the detailed security status of gerbv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gerbv
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: gerbv
Version: 2.7.0-1+deb10u2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!