CVE-2023-35128

Vulnerability

An integer overflow vulnerability exists in the fstReaderIterBlocks2 function's handling of the time_table tsec_nitems field in GTKWave version 3.3.115. The flaw occurs when parsing specially crafted .fst files, leading to memory corruption due to an integer overflow (CWE-190). Affected versions: GTKWave 3.3.115. [1]

Exploitation

An attacker can trigger this vulnerability by convincing a victim to open a malicious .fst file. GTKWave sets up mime types for its supported extensions, so simply double-clicking a wave file received via email is enough to trigger the issue. No authentication or special privileges are required, and the attack requires user interaction (the victim must open the file). [1]

Impact

Successful exploitation can lead to memory corruption, potentially allowing an attacker to achieve arbitrary code execution in the context of the GTKWave process. The CVSSv3 score is 7.0, with high impact on confidentiality, integrity, and availability. [1]

Mitigation

As of the publication date (2024-01-08), no patched version has been released by the vendor. Users should exercise caution when opening .fst files from untrusted sources. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]