{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","type":"deb","namespace":"debian","name":"gerbv","version":"2.9.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.10.0-1","latest_non_vulnerable_version":"2.10.0-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69923?format=json","vulnerability_id":"VCID-aufq-kcpp-33bu","summary":"An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40403","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42262","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42348","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42321","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42287","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42296","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40403"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aufq-kcpp-33bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69920?format=json","vulnerability_id":"VCID-e5te-5ppw-vfev","summary":"An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40400","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43749","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43739","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43718","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43788","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43798","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43774","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40400"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413","reference_id":"TALOS-2021-1413","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:19:59Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40400"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5te-5ppw-vfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69921?format=json","vulnerability_id":"VCID-r5s1-3kbz-5fgv","summary":"A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40401","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62364","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62353","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62337","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62352","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40403"},{"reference_url":"https://usn.ubuntu.com/6209-1/","reference_id":"USN-6209-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6209-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96213?format=json","purl":"pkg:deb/debian/gerbv@2.7.0-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e5te-5ppw-vfev"},{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.7.0-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96222?format=json","purl":"pkg:deb/debian/gerbv@2.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96210?format=json","purl":"pkg:deb/debian/gerbv@2.9.6-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v1wj-1fsh-zbcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96216?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96215?format=json","purl":"pkg:deb/debian/gerbv@2.10.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.10.0-2%3Fdistro=trixie"}],"aliases":["CVE-2021-40401"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5s1-3kbz-5fgv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gerbv@2.9.2-1%3Fdistro=trixie"}