CVE-2023-4508

low-risk

Published 2023-08-24

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Gerbv

Affected Vendors

Gerbv Project

References (6)

Third Party Advisory https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508

https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a

Exploit https://github.com/gerbv/gerbv/issues/191

Third Party Advisory https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508

https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a

Exploit https://github.com/gerbv/gerbv/issues/191

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal