CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35957
https://notcve.org/view.php?id=CVE-2023-35957
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de análisis VCDATA fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35956
https://notcve.org/view.php?id=CVE-2023-35956
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`. Existen múltiples vulnerabilidades de desbordamiento del búfer en la región Heap de la memoria en la funcionalidad de análisis VCDATA fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35955
https://notcve.org/view.php?id=CVE-2023-35955
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de análisis VCDATA fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35964
https://notcve.org/view.php?id=CVE-2023-35964
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt` utility. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35963
https://notcve.org/view.php?id=CVE-2023-35963
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt2` utility. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •