{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","type":"deb","namespace":"debian","name":"gerbv","version":"2.10.0-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69917?format=json","vulnerability_id":"VCID-6xbg-9hwq-xqbu","summary":"An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40391","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65074","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65116","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65115","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65103","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65121","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40391"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96214?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96212?format=json","purl":"pkg:deb/debian/gerbv@2.7.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40391"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xbg-9hwq-xqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69923?format=json","vulnerability_id":"VCID-aufq-kcpp-33bu","summary":"An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40403","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42262","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42348","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42321","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42287","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42296","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40403"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aufq-kcpp-33bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69918?format=json","vulnerability_id":"VCID-buzs-3djc-xkaa","summary":"An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40393","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63043","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63087","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63095","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63085","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63072","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63089","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96218?format=json","purl":"pkg:deb/debian/gerbv@2.8.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.8.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40393"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-buzs-3djc-xkaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69920?format=json","vulnerability_id":"VCID-e5te-5ppw-vfev","summary":"An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40400","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43739","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43718","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43788","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43774","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40400"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413","reference_id":"TALOS-2021-1413","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:19:59Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40400"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5te-5ppw-vfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69919?format=json","vulnerability_id":"VCID-pbm7-cjed-aua4","summary":"An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40394","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68503","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68504","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68507","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96220?format=json","purl":"pkg:deb/debian/gerbv@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40394"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbm7-cjed-aua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69921?format=json","vulnerability_id":"VCID-r5s1-3kbz-5fgv","summary":"A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40401","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62364","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62353","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62337","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62352","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40401"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5s1-3kbz-5fgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69924?format=json","vulnerability_id":"VCID-v1wj-1fsh-zbcj","summary":"A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4508","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1193","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11925","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11888","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11806","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11816","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050560","reference_id":"1050560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050560"},{"reference_url":"https://usn.ubuntu.com/6760-1/","reference_id":"USN-6760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6760-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2023-4508"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1wj-1fsh-zbcj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}