CVE-2023-39414
published 2024-01-08CVE-2023-39414: Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2…
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gtkwave | < gtkwave 3.3.118-0.1~deb12u1 (bookworm) | gtkwave 3.3.118-0.1~deb12u1 (bookworm) |
| gtkwave | gtkwave | — | — |
| gtkwave | gtkwave | >= 0 < 3.3.104+really3.3.118-0+deb11u1 | 3.3.104+really3.3.118-0+deb11u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1~deb12u1 | 3.3.118-0.1~deb12u1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| gtkwave | gtkwave | >= 0 < 3.3.118-0.1 | 3.3.118-0.1 |
| tonybybell | gtkwave | — | — |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv7.3HIGH