CVE-2023-35128
Debian Security Advisory 5653-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad fstReaderIterBlocks2 time_table tsec_nitems de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar daños en la memoria. Una víctima necesitaría abrir un archivo malicioso para activar esta vulnerabilidad.
Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-21 CVE Reserved
- 2024-01-08 CVE Published
- 2025-02-13 CVE Updated
- 2025-02-13 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1792 | 2025-02-13 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||