CVE-2023-32650
Debian Security Advisory 5653-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de análisis maxhandle FST_BL_GEOM de GTKWave 3.3.115, cuando se compila como un binario de 32 bits. Un archivo .fst especialmente manipulado puede provocar daños en la memoria. Una víctima necesitaría abrir un archivo malicioso para activar esta vulnerabilidad.
Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-13 CVE Reserved
- 2024-01-08 CVE Published
- 2025-02-13 CVE Updated
- 2025-02-13 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1777 | 2025-02-13 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||