CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39443 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-39443
08 Jan 2024 — Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. Existen múltiples vulnerabilidades de escritura fuera de los límites en la funcionalidad de análisis LXT2 de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38583 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-38583
08 Jan 2024 — A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la función LXT2 lxt2_rd_expand_integer_to_bits de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecución de código arbitrar... • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •