CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35962 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35962
08 Jan 2024 — Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede pr... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35961 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35961
08 Jan 2024 — Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede prov... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35960 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35960
08 Jan 2024 — Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provoc... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35959 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35959
08 Jan 2024 — Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecució... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35970 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35970
08 Jan 2024 — Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de análisis fstReaderIter... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35969 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35969
08 Jan 2024 — Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de anális... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35992 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35992
08 Jan 2024 — An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignación de vesc FST fstReaderIterBlocks2 de GTKWave 3.3.115, cuando se compila como un binario de 32 bits. Un archivo .fst especialmente ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35997 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35997
08 Jan 2024 — Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un arch... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35996 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35996
08 Jan 2024 — Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 0. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35995 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35995
08 Jan 2024 — Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 1. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-129: Improper Validation of Array Index •