CVE-2023-36915
Debian Security Advisory 5653-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array.
Existen múltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de asignación FST fstReaderIterBlocks2 chain_table de GTKWave 3.3.115. Un archivo .fst especialmente manipulado puede provocar la ejecución de código arbitrario. Una víctima necesitaría abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la asignación de la matriz `chain_table`.
Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-27 CVE Reserved
- 2024-01-08 CVE Published
- 2025-02-13 CVE Updated
- 2025-02-13 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798 | 2025-02-13 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tonybybell Search vendor "Tonybybell" | Gtkwave Search vendor "Tonybybell" for product "Gtkwave" | 3.3.115 Search vendor "Tonybybell" for product "Gtkwave" and version "3.3.115" | - |
Affected
| ||||||