
THREATINT
PUBLISHED

CVE-2023-37417



Description

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.

Reserved 2023-07-05 | Published 2024-01-08 | Updated 2024-09-04 | Assigner talos


HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-787: Out-of-bounds Write

Product status

3.3.115
affected

Credits

Discovered by Claudio Bozzato of Cisco Talos.

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1804

lists.debian.org/debian-lts-announce/2024/04/msg00007.html

cve.org (CVE-2023-37417)

nvd.nist.gov (CVE-2023-37417)
