Cisco Talos researcher besides notice a mass medium - inclemency data revelation vulnerability in Gerbv ’s cream - and - office revolution parse functionality ( CVE-2021 - 40403 ) . Gerbv has been download over a million time from SourceForge . By issue a peculiarly craft Gerber charge , both of these flaw can be tap . spot for four of these flaw have been let go , harmonize to Talos ( three critical- and one sensitive - grimness ) . Four of the freshly disclose vulnerability let a CVSS tally of 10 : CVE-2021 - 40391 , CVE-2021 - 40393 , CVE-2021 - 40394 , and CVE-2021 - 40401 . exploiter can upload gerber lodge to the manufacturing business ’s web site , which are then born-again to an figure of speech that can be regard in the browser , tolerate them to doubly - contain that what was offer fit their prospect , ” Talos explicate . “ In their WWW port , respective PCB shaper employ software program like Gerbv to translate Gerber ( or other endure ) Indian file into pic . Two out - of - border publish , one whole number outpouring , and a purpose - after - unloosen vulnerability could whole be used to carry through inscribe . Despite the fact that the seller was apprize more than 90 mean solar day ago , two of the glitch ( CVE-2021 - 40400 and CVE-2021 - 40402 ) remain unpatched . By upload a especially craft Indian file to Gerbv , all four vulnerability could be overwork . Gerbv is a aborigine Linux diligence that feed on a miscellanea of UNIX weapons platform and besides let a Windows translation . Two other decisive - hardship vulnerability , CVE-2021 - 40400 and CVE-2021 - 40402 , can be expend to making water entropy . The computer software can be apply as a standalone application or as a subroutine library to say Indian file typewrite that show bed of circle circuit card , such as Excellon bore file cabinet , RS-274X Gerber Indian file , and nibble - n - put register . consort to the research worker , an attacker could wetting store table of contents by apply peculiarly craft Indian file . agree to the investigator , the key out blemish induce an bear upon on Gerbv ’s power to outdoors Gerber single file . An aggressor can straightaway entree the software package over the web without require drug user interaction or rarefied favor .