CVE-2023-4508

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4508
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4508.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4508
Downstream
Related
Published
2023-08-24T23:15:09Z
Modified
2025-10-21T13:27:56.733735Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

References

Affected packages

Git / github.com/gerbv/gerbv

Affected ranges

Type
GIT
Repo
https://github.com/gerbv/gerbv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5517e22250e935dc7f86f64ad414aeae3dbcb36a

Affected versions

Other

gerbv-2-7-RELEASE
gerbv-2-8-0-RC-1

v2.*

v2.6.1
v2.7.0
v2.8.0
v2.8.0-rc.1
v2.8.1
v2.8.1-rc.1
v2.8.2
v2.8.2-rc.1
v2.9.0
v2.9.0-rc.1
v2.9.1
v2.9.1-rc.1
v2.9.2
v2.9.2-rc.1
v2.9.3
v2.9.3-rc.1
v2.9.4
v2.9.4-rc.1
v2.9.5
v2.9.5-rc.1
v2.9.6
v2.9.6-rc.1
v2.9.7
v2.9.7-rc.1
v2.9.8
v2.9.8-rc.1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-4508-0116a0ce",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "length": 18672.0,
            "function_hash": "151035615451760703062405692972615450079"
        },
        "target": {
            "function": "parse_rs274x",
            "file": "src/gerber.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-1439a561",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "length": 3043.0,
            "function_hash": "316835375893895774265296963414226848314"
        },
        "target": {
            "function": "gerbv_open_image",
            "file": "src/gerbv.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-d07af1bc",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "length": 351.0,
            "function_hash": "224507333183998678441420757403130524877"
        },
        "target": {
            "function": "gerb_fclose",
            "file": "src/gerb_file.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-e205e346",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "110654009997180941423980672946933617556",
                "93519695742929234972248247967781702943",
                "164351579554195883919714629243269746093",
                "249545581152385628296645943267019102802",
                "71018871993307237044543925073371649827",
                "245060291867875879469480287748125599040",
                "278006322465934607559875501828309865606"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/gerb_file.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-e52c04ac",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "235595660592295673842803310219106351357",
                "276515810842570065798854566001758807232",
                "53269493975263036937840712408954927514"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/gerber.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-e8d4b800",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "270016216821826403122368986537879850246",
                "320375393977192736691563660731710743496",
                "227836266252018423921159651619380381439",
                "192219027457121853103605147555883976342",
                "278437225364960379636459867311425012539",
                "89618090827882968569477121499526155425",
                "314665246827481007757517552516868310559",
                "278426758206429291952462161220159418293"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/gerbv.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "id": "CVE-2023-4508-fd42a452",
        "source": "https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a",
        "signature_version": "v1",
        "digest": {
            "length": 1671.0,
            "function_hash": "116808694527722409682738758190605002107"
        },
        "target": {
            "function": "gerb_fopen",
            "file": "src/gerb_file.c"
        },
        "signature_type": "Function",
        "deprecated": false
    }
]