Assigner | talos |
Reserved | 2023-07-05 |
Published | 2024-01-08 |
Updated | 2024-09-04 |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Discovered by Claudio Bozzato of Cisco Talos.
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html