CVE-2023-35704
Description
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32WithSkip function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in GTKWave 3.3.115's FST LEB128 varint handling allows code execution via a malicious .fst file.
Vulnerability
A stack-based buffer overflow vulnerability exists in the FST LEB128 varint functionality of GTKWave 3.3.115 [1]. The bug resides in the fstReaderVarint32WithSkip function, which is called during parsing of .fst files via fstReaderOpen [1]. The vulnerable code path does not properly validate lengths when decoding LEB128-encoded varint values, leading to a stack buffer overflow when processing a specially crafted file [1]. Affected versions include GTKWave 3.3.115; no other versions are confirmed but earlier releases may also be impacted [1].
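The paragraph above attributes the overflow to missing length validation while decoding LEB128 varints. As an added illustration (not GTKWave's code and not taken from the advisory), the C decoder below reads a 32-bit unsigned LEB128 value with the bounds a parser of untrusted files needs; the function name, error codes and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A uint32_t needs at most ceil(32 / 7) = 5 LEB128 bytes. */
#define VARINT32_MAX_BYTES 5

/* Hypothetical status codes, chosen for this example. */
enum { VARINT_OK = 0, VARINT_TRUNCATED = -1, VARINT_TOO_LONG = -2, VARINT_OVERFLOW = -3 };

/* Decode one unsigned LEB128 value from in[0..len). On success the value is
 * stored in *out and the number of bytes consumed in *used. The loop bound,
 * not the input, decides how many bytes are ever examined. */
int varint32_decode(const uint8_t *in, size_t len, uint32_t *out, size_t *used)
{
    uint32_t value = 0;
    for (size_t i = 0; i < VARINT32_MAX_BYTES; i++) {
        if (i >= len)
            return VARINT_TRUNCATED;      /* input ended mid-varint */
        uint8_t b = in[i];
        /* The 5th byte may only carry bits 28..31 of the result. */
        if (i == VARINT32_MAX_BYTES - 1 && (b & 0x70))
            return VARINT_OVERFLOW;
        value |= (uint32_t)(b & 0x7f) << (7 * i);
        if (!(b & 0x80)) {                /* continuation bit clear: done */
            *out = value;
            *used = i + 1;
            return VARINT_OK;
        }
    }
    return VARINT_TOO_LONG;               /* still continuing after 5 bytes */
}

int main(void)
{
    /* Constructed sample inputs: one valid value, one over-long run. */
    const uint8_t good[] = { 0xe5, 0x8e, 0x26 };
    const uint8_t long_run[] = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 };
    uint32_t v = 0;
    size_t n = 0;
    int rc = varint32_decode(good, sizeof good, &v, &n);
    printf("good: rc=%d value=%lu used=%lu\n", rc, (unsigned long)v, (unsigned long)n);
    rc = varint32_decode(long_run, sizeof long_run, &v, &n);
    printf("long_run: rc=%d\n", rc);
    return 0;
}
```

A caller that copies varint bytes into a fixed-size buffer needs the same loop bound on the copy itself, so the buffer size never depends on where the file clears the continuation bit.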
Exploitation
An attacker must craft a malicious .fst file containing oversized LEB128 varint data that overflows a stack buffer when parsed [1]. The victim must open the file using GTKWave (e.g., by double-clicking in a file manager or via the command line) [1]. No authentication or special privileges are needed, but user interaction is required [1]. The attack vector is local; the file could be delivered via email, download, or other means [1].
Impact
Successful exploitation yields arbitrary code execution in the context of the GTKWave process [1]. The attacker achieves full compromise of confidentiality, integrity, and availability (CIA) of the affected system, with a CVSS v3.1 score of 7.8 (High) [1]. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) [1].
Mitigation
As of the publication date (2024-01-08), no patched version of GTKWave has been released [1]. Users should avoid opening untrusted .fst files in GTKWave 3.3.115 until a fix is available. The vendor was notified via Talos but the status of an update is not disclosed [1]. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GTKWave/GTKWave v5 Range: 3.3.115
Patches
No patches discovered yet.