CVE-2023-35969
https://notcve.org/view.php?id=CVE-2023-35969
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. Existen múltiples vulnerabilidades de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad de análisis fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-35992
https://notcve.org/view.php?id=CVE-2023-35992
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignación de vesc FST fstReaderIterBlocks2 de GTKWave 3.3.115, cuando se compila como un binario de 32 bits. Un archivo .fst especialmente manipulado puede provocar daños en la memoria. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1790 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-35997
https://notcve.org/view.php?id=CVE-2023-35997
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 • CWE-129: Improper Validation of Array Index •
CVE-2023-35996
https://notcve.org/view.php?id=CVE-2023-35996
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 0. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 • CWE-129: Improper Validation of Array Index •
CVE-2023-35995
https://notcve.org/view.php?id=CVE-2023-35995
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 1. Existen múltiples vulnerabilidades de validación de índice de matriz incorrecta en la funcionalidad tdelta fstReaderIterBlocks2 de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791 • CWE-129: Improper Validation of Array Index •