CVE-2023-39272
published 2024-01-08CVE-2023-39272: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtkwave | < gtkwave 3.3.118-0.1~deb12u1 (bookworm) | gtkwave 3.3.118-0.1~deb12u1 (bookworm) |
| gtkwave | gtkwave | — | — |
| gtkwave | gtkwave | >= 0 < 3.3.104+really3.3.118-0+deb11u1 | 3.3.104+really3.3.118-0+deb11u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1~deb12u1 | 3.3.118-0.1~deb12u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| tonybybell | gtkwave | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH