CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35962
https://notcve.org/view.php?id=CVE-2023-35962
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35961
https://notcve.org/view.php?id=CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35960
https://notcve.org/view.php?id=CVE-2023-35960
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35959
https://notcve.org/view.php?id=CVE-2023-35959
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression. Existen múltiples vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad de descompresión de GTKWave 3.3.115. Un archivo wave especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35970
https://notcve.org/view.php?id=CVE-2023-35970
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de análisis fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •