CVE-2023-35702
Description
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32 function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in GTKWave 3.3.115 via a crafted .fst file allows arbitrary code execution when the victim opens the file.
Vulnerability
A stack-based buffer overflow vulnerability exists in the fstReaderVarint32 function of GTKWave 3.3.115, specifically within the FST LEB128 varint decoding functionality used when parsing .fst trace files. A specially crafted .fst file can trigger an overflow on the stack, corrupting adjacent memory. The vulnerability is reachable when a victim opens a malicious file via the GUI or command-line tools. The confirmed vulnerable version is GTKWave 3.3.115 [1].
Exploitation
An attacker must craft a malicious .fst file containing specially crafted LEB128 varint data that causes the fstReaderVarint32 function to write beyond the bounds of a fixed-size stack buffer. No authentication or special privileges are required; the victim needs only to open the file (e.g., double-clicking on an attachment received by email or using gtkwave on the command line). GTKWave sets up mime types for supported extensions, making user interaction minimal [1].
Impact
Successful exploitation leads to arbitrary code execution in the context of the user running GTKWave. The CVSSv3 score is 7.8 (High), with impacts to confidentiality, integrity, and availability all rated as high. An attacker could achieve full system compromise under the user's privileges [1].
Mitigation
As of the advisory date, the vendor has released no patch or updated version. Users should avoid opening .fst files from unknown or untrusted sources. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date. A future update from GTKWave is expected but not yet available [1].
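For developers who maintain parsers of this kind, the defect class described above (LEB128 continuation bytes written into a fixed-size stack buffer) is avoided by bounding how many bytes the decoder will consume. The C decoder below is an added example, not GTKWave's code or the vendor's fix; the function name, result codes and in-memory inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the hypothetical decoder below (names are assumptions). */
enum { VARINT_OK = 0, VARINT_TRUNCATED = -1, VARINT_TOO_LONG = -2, VARINT_OVERFLOW = -3 };

/*
 * Decode one unsigned LEB128 value of at most 32 bits from in[0..len).
 * There is no intermediate buffer: each byte is folded into the result as it
 * is read, and the loop stops after 5 bytes (ceil(32/7)) whatever the input says.
 */
static int varint32_decode(const unsigned char *in, size_t len,
                           uint32_t *out, size_t *used)
{
    uint32_t value = 0;
    for (size_t i = 0; i < 5; i++) {
        if (i >= len)
            return VARINT_TRUNCATED;      /* input ended in the middle of a value */
        unsigned char b = in[i];
        if (i == 4 && (b & 0x70))
            return VARINT_OVERFLOW;       /* fifth byte carries bits above bit 31 */
        value |= (uint32_t)(b & 0x7f) << (7 * i);
        if (!(b & 0x80)) {                /* continuation bit clear: value complete */
            *out = value;
            *used = i + 1;
            return VARINT_OK;
        }
    }
    return VARINT_TOO_LONG;               /* five bytes read and still continuing */
}

int main(void)
{
    /* Constructed inputs: one valid value, one run of continuation bytes. */
    const unsigned char valid[] = { 0xe5, 0x8e, 0x26 };
    const unsigned char runaway[] = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01 };
    uint32_t v = 0;
    size_t n = 0;

    int rc = varint32_decode(valid, sizeof valid, &v, &n);
    printf("valid:   rc=%d value=%u used=%zu\n", rc, (unsigned)v, n);
    rc = varint32_decode(runaway, sizeof runaway, &v, &n);
    printf("runaway: rc=%d (rejected, nothing written past the result)\n", rc);
    return 0;
}
```

When reading from a `FILE *` instead of memory, the same five-byte limit applies and an `EOF` from `fgetc` maps to the truncated case.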
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- GTKWave/GTKWave v5 Range: 3.3.115
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions (0)
No linked articles in our index yet.