By ply a particularly craft Gerber single file , both of these flaw can be put-upon . By upload a particularly craft file to Gerbv , all four exposure could be tap . Gerbv is a indigene Linux application program that running play on a diversity of UNIX platform and likewise throw a Windows version . Two former decisive - stiffness exposure , CVE-2021 - 40400 and CVE-2021 - 40402 , can be expend to passing water info . exploiter can upload gerber file away to the manufacturer ’s web site , which are and then reborn to an double that can be watch in the browser , grant them to treble - chip that what was furnish cope with their arithmetic mean , ” Talos explain . grant to the research worker , an aggressor could news leak memory subject matter by habituate peculiarly craft filing cabinet . Cisco Four of the fresh break exposure deliver a CVSS rack up of 10 : CVE-2021 - 40391 , CVE-2021 - 40393 , CVE-2021 - 40394 , and CVE-2021 - 40401 . Two out - of - limit write , one integer overspill , and a habituate - after - relieve vulnerability could entirely be overwork to carry out encipher . “ In their web user interface , several PCB shaper utilise software system like Gerbv to transmute Gerber ( or early tolerate ) file cabinet into show . Gerbv has been download over a million clip from SourceForge . The computer software can be expend as a standalone practical application or as a subroutine library to register charge character that expose stratum of tour card , such as Excellon practise file , RS-274X Gerber data file , and weft - n - rank file cabinet . Talos researcher too key a intermediate - severity information revelation vulnerability in Gerbv ’s pickax - and - target gyration parse functionality ( CVE-2021 - 40403 ) . allot to the research worker , the distinguish fault possess an bear on on Gerbv ’s ability to heart-to-heart Gerber single file . Despite the fact that the seller was advise Sir Thomas More than 90 sidereal day agone , two of the pester ( CVE-2021 - 40400 and CVE-2021 - 40402 ) continue unpatched . An aggressor can at present admittance the software package over the electronic network without command substance abuser fundamental interaction or exalted privilege . patch up for four of these blemish have been liberate , fit in to Talos ( three critical- and one average - hardship ) .