Debian Gtkwave vulnerabilities

CVE-2023-35964 [HIGH] CVE-2023-35964: gtkwave - Multiple OS command injection vulnerabilities exist in the decompression functio... Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt` utility. Scope: local bookworm: resolved (fixed in 3.

CVE-2023-35997 [HIGH] CVE-2023-35997: gtkwave - Multiple improper array index validation vulnerabilities exist in the fstReaderI... Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. Scope: loca

CVE-2023-37576 [HIGH] CVE-2023-37576: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility. Scope: local

CVE-2023-36746 [HIGH] CVE-2023-36746: gtkwave - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBl... Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table. S

CVE-2023-38650 [HIGH] CVE-2023-38650: gtkwave - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_deco... Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. Scope: local boo

CVE-2023-39270 [HIGH] CVE-2023-39270: gtkwave - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing ... Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. Scope: local bookworm: r

CVE-2023-37578 [HIGH] CVE-2023-37578: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility. Scope: local

CVE-2023-36916 [HIGH] CVE-2023-36916: gtkwave - Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 ... Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array. Scope:

CVE-2023-37417 [HIGH] CVE-2023-37417: gtkwave - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange ... Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD pa

CVE-2023-39316 [HIGH] CVE-2023-39316: gtkwave - Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries fun... Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array. Scope: local boo

CVE-2023-35992 [HIGH] CVE-2023-35992: gtkwave - An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc al... An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: r

CVE-2023-35989 [HIGH] CVE-2023-35989: gtkwave - An integer overflow vulnerability exists in the LXT2 zlib block allocation funct... An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+really3.3.118-

CVE-2023-35128 [HIGH] CVE-2023-35128: gtkwave - An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table ... An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Scope: local bookworm: resolved (fixed in 3.3.118-0.1~deb12u1) bullseye: resolved (fixed in 3.3.104+reall

CVE-2023-38652 [HIGH] CVE-2023-38652: gtkwave - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_deco... Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. Scope: local book

CVE-2023-37575 [HIGH] CVE-2023-37575: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's interactive VCD parsing code. Scop

CVE-2023-38621 [HIGH] CVE-2023-38621: gtkwave - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing f... Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. Scope: local bookworm: re

CVE-2023-35960 [HIGH] CVE-2023-35960: gtkwave - Multiple OS command injection vulnerabilities exist in the decompression functio... Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`. Scope: local bookworm: resolved (fixed in 3.3.11

CVE-2023-37574 [HIGH] CVE-2023-37574: gtkwave - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc fu... Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's legacy VCD parsing code. Scope: lo

CVE-2023-37923 [HIGH] CVE-2023-37923: gtkwave - Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functio... Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. Scope: local boo

CVE-2023-37416 [HIGH] CVE-2023-37416: gtkwave - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange ... Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing