CVE-2023-38653
published 2024-01-08CVE-2023-38653: Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtkwave | < gtkwave 3.3.118-0.1~deb12u1 (bookworm) | gtkwave 3.3.118-0.1~deb12u1 (bookworm) |
| gtkwave | gtkwave | — | — |
| gtkwave | gtkwave | >= 0 < 3.3.104+really3.3.118-0+deb11u1 | 3.3.104+really3.3.118-0+deb11u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1~deb12u1 | 3.3.118-0.1~deb12u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| tonybybell | gtkwave | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH