
CVE-2023-35994 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35994
08 Jan 2024 — Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta initialization part. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialme... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-129: Improper Validation of Array Index •

CVE-2023-35128 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35128
08 Jan 2024 — An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad fstReaderIterBlocks2 time_table tsec_nitems de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar daños en la memoria. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •

CVE-2023-36747 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-36747
08 Jan 2024 — Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad fstRe... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-36746 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-36746
08 Jan 2024 — Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad fstReaderIterBlocks2 fstWritex len d... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-36864 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-36864
08 Jan 2024 — An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignación fstReaderIterBlocks2 temp_signal_value_buf de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código a... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •

CVE-2023-36916 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-36916
08 Jan 2024 — Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array. Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignación FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •

CVE-2023-36915 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-36915
08 Jan 2024 — Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array. Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignación FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •

CVE-2023-34087 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-34087
08 Jan 2024 — An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de validación de índice de matriz incorrecta en la funcionalidad de análisis EVCD var len de GTKWave 3.3.115. Un archivo .evcd especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2023-37420 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-37420
08 Jan 2024 — Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. Existen múltiples vulnerabilidades de escritura fuera de los límites en la funcionalidad de volcado de puerto VCD parse_valuechange de GTKWa... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-787: Out-of-bounds Write •

CVE-2023-37419 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-37419
08 Jan 2024 — Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. Existen múltiples vulnerabilidades de escritura fuera de los límites en la funcionalidad de volcado de puerto VCD parse_valuechange de GTKW... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-787: Out-of-bounds Write •