According to the researchers, an attacker could leak memory contents by using specially crafted files. Two other critical-severity vulnerabilities, CVE-2021-40400 and CVE-2021-40402, can be exploited to leak data. Despite the fact that the vendor was notified more than 90 days ago, two of the bugs (CVE-2021-40400 and CVE-2021-40402) remain unpatched. Four of the newly disclosed vulnerabilities have a CVSS score of 10: CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, and CVE-2021-40401. Patches for four of these flaws have been published, according to Talos (three critical- and one medium-severity).

Two out-of-bounds issues, one integer overflow, and a use-after-free vulnerability could all be exploited to execute code. An attacker can directly access the software over the network without requiring user interaction or elevated privileges. “In their web interface, various PCB manufacturers use software like Gerbv to convert Gerber (or other supported) files into images.” According to the researchers, the identified flaws affect Gerbv’s ability to open Gerber files. By providing a specially crafted Gerber file, both of these flaws can be exploited. “Users can upload Gerber files to the manufacturer’s website, which are then converted to an image that can be viewed in the browser, allowing them to double-check that what was provided conforms to their expectations,” Talos explains. By uploading a specially crafted file to Gerbv, all four vulnerabilities could be exploited.

Gerbv is a native Linux application that runs on a variety of UNIX platforms and also has a Windows version. Gerbv has been downloaded over a million times from SourceForge.
The software can be used as a standalone application or as a library to read file types that show the layers of circuit boards, such as Excellon drill files, RS-274X Gerber files, and pick-n-place files. Cisco Talos researchers also disclosed a medium-severity information disclosure vulnerability in Gerbv’s pick-and-place rotation parsing functionality (CVE-2021-40403).