CVE-2023-39235

Summary

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over lt->num_time_ticks.

Affected Software

VendorProductVersion RangeStatus
GTKWaveGTKWave3.3.115affected

Weaknesses

  • CWE-129: CWE-129: Improper Validation of Array Index

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References