THREATINT
PUBLISHED

CVE-2023-37417



Assigner: talos
Reserved: 2023-07-05
Published: 2024-01-08
Updated: 2024-09-04

Description

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.



HIGH: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-787: Out-of-bounds Write

Product status

3.3.115: affected

Credits

Discovered by Claudio Bozzato of Cisco Talos.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804

https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

cve.org CVE-2023-37417

nvd.nist.gov CVE-2023-37417
