CVE-2023-35057

Vulnerability

The vulnerability exists in the lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. It is an integer overflow (CWE-190) that occurs when parsing specially crafted .lxt2 files. The flaw resides in lxt2_read.c and affects all GTKWave components that parse LXT2 files, including the GUI, lxt2vcd converter, rtlbrowse, and lxt2miner. Affected version: GTKWave 3.3.115 [1].

Exploitation

An attacker must craft a malicious .lxt2 file that triggers the integer overflow during allocation. The victim must open this file, for example by double-clicking on a wave file received via email, as GTKWave sets up mime types for its supported extensions. No authentication or special privileges are required; the attack vector is local and requires user interaction [1].

Impact

Successful exploitation leads to memory corruption, which can be leveraged by an attacker to achieve arbitrary code execution. The CVSSv3 score is 7.8, indicating high impacts on confidentiality, integrity, and availability. An attacker could gain the same privileges as the victim user [1].

Mitigation

As of the publication date (2024-01-08), no patched version has been released. Users should avoid opening untrusted .lxt2 files until an update is available. The vulnerability is not listed in the CISA KEV catalog at the time of writing [1].