gerbv-2.9.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12527 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gerbv-2.9.4-1.1 on GA media These are all security issues fixed in the gerbv-2.9.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12527 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12527 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-40400/ SUSE CVE CVE-2021-40400 page https://www.suse.com/security/cve/CVE-2021-40401/ SUSE CVE CVE-2021-40401 page https://www.suse.com/security/cve/CVE-2021-40403/ SUSE CVE CVE-2021-40403 page openSUSE Tumbleweed gerbv-2.9.4-1.1 gerbv-devel-2.9.4-1.1 libgerbv1-2.9.4-1.1 gerbv-2.9.4-1.1 as a component of openSUSE Tumbleweed gerbv-devel-2.9.4-1.1 as a component of openSUSE Tumbleweed libgerbv1-2.9.4-1.1 as a component of openSUSE Tumbleweed An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. CVE-2021-40400 openSUSE Tumbleweed:gerbv-2.9.4-1.1 openSUSE Tumbleweed:gerbv-devel-2.9.4-1.1 openSUSE Tumbleweed:libgerbv1-2.9.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-40400.html CVE-2021-40400 https://bugzilla.suse.com/1198513 SUSE Bug 1198513 A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVE-2021-40401 openSUSE Tumbleweed:gerbv-2.9.4-1.1 openSUSE Tumbleweed:gerbv-devel-2.9.4-1.1 openSUSE Tumbleweed:libgerbv1-2.9.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-40401.html CVE-2021-40401 https://bugzilla.suse.com/1195671 SUSE Bug 1195671 An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. CVE-2021-40403 openSUSE Tumbleweed:gerbv-2.9.4-1.1 openSUSE Tumbleweed:gerbv-devel-2.9.4-1.1 openSUSE Tumbleweed:libgerbv1-2.9.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-40403.html CVE-2021-40403 https://bugzilla.suse.com/1195673 SUSE Bug 1195673