Debian Gtkwave vulnerabilities

CVE-2023-34087 [HIGH] CVE-2023-34087: gtkwave - An improper array index validation vulnerability exists in the EVCD var len pars... An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+reall

CVE-2023-35004 [HIGH] CVE-2023-35004: gtkwave - An integer overflow vulnerability exists in the VZT longest_len value allocation... An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+really3.3

CVE-2023-35957 [HIGH] CVE-2023-35957: gtkwave - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBl... Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`. Scope: local bookw

CVE-2023-37446 [HIGH] CVE-2023-37446: gtkwave - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition sect... Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

CVE-2023-35962 [HIGH] CVE-2023-35962: gtkwave - Multiple OS command injection vulnerabilities exist in the decompression functio... Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility. Scope: local bookworm: resolved (fixed in 3.

CVE-2023-38657 [HIGH] CVE-2023-38657: gtkwave - An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression... An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+really3.

CVE-2023-35961 [HIGH] CVE-2023-35961: gtkwave - Multiple OS command injection vulnerabilities exist in the decompression functio... Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`. Scope: local bookworm: resolved (fixed in 3.3.

CVE-2023-38620 [HIGH] CVE-2023-38620: gtkwave - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing f... Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. Scope: local bookworm: reso

CVE-2023-37577 [HIGH] CVE-2023-37577: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility. Scope: loca

CVE-2023-37447 [HIGH] CVE-2023-37447: gtkwave - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition sect... Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. S

CVE-2023-37418 [HIGH] CVE-2023-37418: gtkwave - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange ... Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utili

CVE-2023-38623 [HIGH] CVE-2023-38623: gtkwave - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing f... Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array. Scope: local book

CVE-2023-36864 [HIGH] CVE-2023-36864: gtkwave - An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal... An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed

CVE-2023-35970 [HIGH] CVE-2023-35970: gtkwave - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBl... Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` sect

CVE-2023-37573 [HIGH] CVE-2023-37573: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code

CVE-2023-38583 [HIGH] CVE-2023-38583: gtkwave - A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_in... A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+

CVE-2023-37419 [HIGH] CVE-2023-37419: gtkwave - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange ... Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion util

CVE-2023-32650 [HIGH] CVE-2023-32650: gtkwave - An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle fu... An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fi

CVE-2023-39235 [HIGH] CVE-2023-39235: gtkwave - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_blo... Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`. Scop

CVE-2023-37445 [HIGH] CVE-2023-37445: gtkwave - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition sect... Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. S