CVE-2023-37442
published 2024-01-08CVE-2023-37442: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtkwave | < gtkwave 3.3.118-0.1~deb12u1 (bookworm) | gtkwave 3.3.118-0.1~deb12u1 (bookworm) |
| gtkwave | gtkwave | — | — |
| gtkwave | gtkwave | >= 0 < 3.3.104+really3.3.118-0+deb11u1 | 3.3.104+really3.3.118-0+deb11u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1~deb12u1 | 3.3.118-0.1~deb12u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| tonybybell | gtkwave | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH