CVE-2023-37922

Summary

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility.

Affected Software

VendorProductVersion RangeStatus
GTKWaveGTKWave3.3.115affected

Weaknesses

  • CWE-118: CWE-118: Incorrect Access of Indexable Resource ('Range Error')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References