CVE-2023-35004

Vulnerability

An integer overflow vulnerability exists in the vzt_rd_init_smp function within vzt_read.c of GTKWave 3.3.115. The overflow occurs when allocating memory for the longest_len value while parsing a specially crafted .vzt file. This code path is reachable when a victim opens a malicious VZT file through the GUI or command-line tools [1].

Exploitation

An attacker must craft a .vzt file with a manipulated longest_len value that triggers an integer overflow during allocation. The victim is required to open the file, for example by double-clicking it (which invokes GTKWave via registered MIME types) or by using the vzt2vcd utility. No authentication or special privileges are needed; the attack is local and user-initiated [1].

Impact

Successful exploitation leads to arbitrary code execution within the context of the GTKWave process. This compromises the confidentiality, integrity, and availability of the affected system, potentially allowing the attacker to execute arbitrary commands or install malware [1].

Mitigation

As of the publication date, no official fix has been disclosed in the available references. Users should avoid opening untrusted .vzt files and consider monitoring for updates from the GTKWave project. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].