CVE-2023-38618
https://notcve.org/view.php?id=CVE-2023-38618
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de análisis de facgeometría VZT de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-38649
https://notcve.org/view.php?id=CVE-2023-38649
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. Existen múltiples vulnerabilidades de escritura fuera de los límites en la funcionalidad de descompresión VZT vzt_rd_get_facname de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-38648
https://notcve.org/view.php?id=CVE-2023-38648
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. Existen múltiples vulnerabilidades de escritura fuera de los límites en la funcionalidad de descompresión VZT vzt_rd_get_facname de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-38651
https://notcve.org/view.php?id=CVE-2023-38651
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero. Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de análisis de tiempos VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar daños en la memoria. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-38650
https://notcve.org/view.php?id=CVE-2023-38650
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de análisis de tiempos VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar daños en la memoria. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814 • CWE-190: Integer Overflow or Wraparound •