CVE-2023-36864
published 2024-01-08CVE-2023-36864: An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtkwave | < gtkwave 3.3.118-0.1~deb12u1 (bookworm) | gtkwave 3.3.118-0.1~deb12u1 (bookworm) |
| gtkwave | gtkwave | — | — |
| gtkwave | gtkwave | >= 0 < 3.3.104+really3.3.118-0+deb11u1 | 3.3.104+really3.3.118-0+deb11u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1~deb12u1 | 3.3.118-0.1~deb12u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| tonybybell | gtkwave | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH