SAN JOSE -- Cisco’s Talos Intelligence Group this week outlined six critical-severity vulnerabilities affecting Gerbv, the open-source file viewer for printed circuit board designs.
The investigators found an out-of-bounds read vulnerability in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and of the forked Gerbv 2.7.1 and 2.8.0. A malicious Gerber file could trigger the flaw, making the viewer read memory outside the intended buffer and disclose its contents.
An attacker could reach the software over the network without user interaction or elevated privileges.
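To make the bug class concrete, here is an added example (not Gerbv's code, and not from the Talos report): a minimal parser for one simplified aperture-macro outline primitive (primitive code 4), where the vertex count read from the file drives a loop over the parameter list. The unchecked version uses that count directly; the hardened version first validates it against the number of parameters actually parsed. The line layout (`4,exposure,nvertices,x0,y0,...,rotation`, with every vertex counted in `nvertices`), the function names and the sample lines are all constructed for this illustration.

```c
/* Constructed example of an out-of-bounds read in an RS-274X aperture macro
 * outline primitive parser. Simplified layout (not the exact spec):
 *   4,<exposure>,<nvertices>,<x0>,<y0>,...,<x(n-1)>,<y(n-1)>,<rotation>
 * The vertex count comes from the untrusted file. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_PARAMS = 256 };

typedef struct {
    double p[MAX_PARAMS];   /* parsed numeric parameters */
    size_t n;               /* how many were actually present on the line */
} primitive;

/* Split a primitive line such as "4,1,4,0,0,5,0,5,5,0,5,0*" into numbers.
 * Returns 0 on success, -1 on malformed input. */
static int parse_primitive(const char *line, primitive *out) {
    char buf[512];
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    out->n = 0;
    for (char *tok = strtok(buf, ",*"); tok; tok = strtok(NULL, ",*")) {
        char *end;
        if (out->n == MAX_PARAMS) return -1;
        out->p[out->n] = strtod(tok, &end);
        if (*end != '\0') return -1;
        out->n++;
    }
    return (out->n >= 3 && out->p[0] == 4.0) ? 0 : -1;
}

/* Vulnerable pattern: the declared vertex count is trusted, so a line that
 * declares more vertices than it supplies reads past the parsed entries
 * (stale entries of p[], or beyond the array for large counts). */
static double bbox_width_unchecked(const primitive *pr) {
    size_t nverts = (size_t)pr->p[2];
    double xmin = pr->p[3], xmax = pr->p[3];
    for (size_t i = 1; i < nverts; i++) {
        double x = pr->p[3 + 2 * i];   /* no comparison against pr->n */
        if (x < xmin) xmin = x;
        if (x > xmax) xmax = x;
    }
    return xmax - xmin;
}

/* Hardened: reject a count that is not a small positive integer, and reject
 * a primitive whose parameter list is shorter than the count implies. */
static int bbox_width_checked(const primitive *pr, double *width) {
    double declared = pr->p[2];
    if (declared < 1.0 || declared > (double)MAX_PARAMS ||
        declared != (double)(size_t)declared)
        return -1;
    size_t nverts = (size_t)declared;
    size_t needed = 3 + 2 * nverts + 1;   /* header + vertices + rotation */
    if (needed > pr->n) return -1;        /* truncated primitive */
    double xmin = pr->p[3], xmax = pr->p[3];
    for (size_t i = 1; i < nverts; i++) {
        double x = pr->p[3 + 2 * i];      /* now provably < pr->n */
        if (x < xmin) xmin = x;
        if (x > xmax) xmax = x;
    }
    *width = xmax - xmin;
    return 0;
}

/* Convenience wrappers: width of the outline, or -1.0 when rejected. */
static double unchecked_outline_width(const char *line) {
    primitive pr;
    if (parse_primitive(line, &pr) != 0) return -1.0;
    return bbox_width_unchecked(&pr);
}

static double checked_outline_width(const char *line) {
    primitive pr;
    double w;
    if (parse_primitive(line, &pr) != 0) return -1.0;
    if (bbox_width_checked(&pr, &w) != 0) return -1.0;
    return w;
}

int main(void) {
    /* Constructed inputs: a well-formed 5x5 square, then one that declares
     * 4000 vertices but supplies two, and one that declares 3 but supplies 2. */
    const char *good = "4,1,4,0,0,5,0,5,5,0,5,0*";
    const char *bad1 = "4,1,4000,0,0,5,0*";
    const char *bad2 = "4,1,3,0,0,5,0*";
    printf("good: unchecked=%g checked=%g\n",
           unchecked_outline_width(good), checked_outline_width(good));
    printf("bad1: checked=%g\n", checked_outline_width(bad1));
    printf("bad2: checked=%g\n", checked_outline_width(bad2));
    /* bad inputs are deliberately not passed to the unchecked path here */
    return 0;
}
```

The point of the check is that the count used to index the parameter array is derived from what the parser actually stored (`pr->n`), not from the file's own claim. A fuzz harness feeding the unchecked path a line like `bad1` would be the quickest way to surface the read under AddressSanitizer.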
“Some PCB manufacturers use software like Gerbv in their web interfaces as a tool to convert Gerber (or other supported) files into images. Users can upload Gerber files to the manufacturer website, which are converted to an image to be displayed in the browser, so that users can verify that what has been uploaded matches their expectations,” the report said.
Gerbv is a native Linux application that also runs on other UNIX platforms and on Windows. It is used to view Excellon drill files, Gerber RS-274X files and pick-and-place files.
While patches have been released for four of these vulnerabilities, two flaws remain unpatched more than 90 days after the vendor was notified, Talos said.