CVE-2021-40391

9.8 CRITICAL

📋 TL;DR

This CVE describes a critical out-of-bounds write vulnerability in Gerbv, a Gerber file viewer used in PCB design. Attackers can execute arbitrary code by tricking users into opening specially crafted drill files. Users of Gerbv versions 2.7.0 and certain development commits are affected.

💻 Affected Systems

Products:
  • Gerbv
Versions: 2.7.0, dev commit b5f1eacd, forked version commit 71493260
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system running vulnerable Gerbv versions that processes drill files is at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with remote code execution leading to complete control of the affected system, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when a user opens a malicious drill file, potentially leading to lateral movement within the network.

🟢 If Mitigated

Limited impact if file execution is restricted through application sandboxing or user privileges are minimized.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious file. Proof-of-concept details are available in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.1 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html

Restart Required: Yes

Instructions:

1. Update Gerbv to version 2.7.1 or later using your package manager.
2. For Linux: Use apt-get update && apt-get upgrade gerbv.
3. For Windows/macOS: Download the latest version from the official repository.
4. Restart the application after update.

🔧 Temporary Workarounds

Restrict file processing (all platforms)

Limit Gerbv to trusted file sources and avoid opening untrusted drill files.

Run with reduced privileges (linux)

Execute Gerbv with minimal user permissions to limit potential damage from exploitation.

sudo -u lowprivilegeuser gerbv

🧯 If You Can't Patch

  • Disable or uninstall Gerbv if not essential.
  • Implement application whitelisting to block execution of vulnerable Gerbv versions.

🔍 How to Verify

Check if Vulnerable:

Check Gerbv version: gerbv --version. If output shows 2.7.0 or matches affected dev commits, the system is vulnerable.

Check Version:

gerbv --version

Verify Fix Applied:

After updating, run gerbv --version to confirm version is 2.7.1 or higher.
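The version check above can be scripted so it gives a clear vulnerable/fixed answer instead of relying on a reader to eyeball the output. The script below is an added example, not part of this advisory or of the Gerbv project; it assumes that `gerbv --version` prints a dotted version number somewhere in its output (the exact format is not documented on this page) and compares it to the fixed release named above, 2.7.1. Builds from the affected development commits carry no distinguishing version number, so those still have to be identified from the build source rather than from this check.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an installed gerbv against
# the fixed release stated on the page. Uses `sort -V` (GNU coreutils) for
# version ordering, so "2.10.0" correctly sorts above "2.7.1".

FIXED_VERSION="2.7.1"

# Extract the first dotted version number (e.g. "2.7.0") from a string.
# Assumption: the version banner contains such a token.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Succeed when $1 >= $2 in version order.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n 1)" = "$1" ]
}

# Print "fixed", "vulnerable", or "unknown" for a version banner string.
classify() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Query the installed binary, if any, and classify its banner.
check_installed() {
    if command -v gerbv >/dev/null 2>&1; then
        classify "$(gerbv --version 2>&1)"
    else
        echo not-installed
    fi
}

check_installed
```

Run it on each host that has Gerbv installed; "vulnerable" or "unknown" means the host needs the 2.7.1 update (or, for "unknown", a manual look at where the binary came from).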

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of Gerbv process
  • Unusual file access patterns from Gerbv

Network Indicators:

  • Outbound connections from Gerbv to unknown IPs post-exploitation

SIEM Query:

process_name:"gerbv" AND (event_type:"crash" OR file_path:"*.drl")
