{"id":"MGASA-2022-0295","summary":"Updated kicad packages fix security vulnerability","details":"Multiple buffer overflows were discovered in Kicad, a suite of programs\nfor the creation of printed circuit boards, which could result in the\nexecution of arbitrary code if malformed Gerber/Excellon files, as\nfollows.\n\nA stack-based buffer overflow vulnerability exists in the Gerber Viewer\ngerber and excellon ReadXYCoord coordinate parsing functionality of KiCad\nEDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or\nexcellon file can lead to code execution. An attacker can provide a\nmalicious file to trigger this vulnerability. (CVE-2022-23803)\n\nA stack-based buffer overflow vulnerability exists in the Gerber Viewer\ngerber and excellon ReadIJCoord coordinate parsing functionality of KiCad\nEDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or\nexcellon file can lead to code execution. An attacker can provide a\nmalicious file to trigger this vulnerability. (CVE-2022-23804)\n\nA stack-based buffer overflow vulnerability exists in the Gerber Viewer\ngerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1\nand master commit de006fc010. A specially-crafted gerber or excellon file\ncan lead to code execution. An attacker can provide a malicious file to\ntrigger this vulnerability. (CVE-2022-23946)\n\nA stack-based buffer overflow vulnerability exists in the Gerber Viewer\ngerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1\nand master commit de006fc010. A specially-crafted gerber or excellon file\ncan lead to code execution. An attacker can provide a malicious file to\ntrigger this vulnerability. (CVE-2022-23947)\n","modified":"2026-04-16T04:41:34.324492088Z","published":"2022-08-25T21:21:07Z","upstream":["CVE-2022-23803","CVE-2022-23804","CVE-2022-23946","CVE-2022-23947"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0295.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30109"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5EMCGSSP3FIWCSL2KXVXLF35JYZKZE5Q/"},{"type":"WEB","url":"https://www.debian.org/lts/security/2022/dla-2998"},{"type":"WEB","url":"https://www.kicad.org/blog/2022/07/KiCad-6.0.7-Release/"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5214"}],"affected":[{"package":{"name":"kicad","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kicad?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.12-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0295.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}