VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2024 · Updated Nov 4, 2025

CVE-2023-35958

Description

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the copy function fstFread.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap buffer overflow in GTKWave 3.3.115 fstReaderIterBlocks2 VCDATA parsing via crafted .fst file leads to arbitrary code execution.

Vulnerability

A heap-based buffer overflow vulnerability exists in the fstFread function within the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115 [1]. A specially-crafted .fst file can trigger this overflow when parsed by the vulnerable code path.

Exploitation

An attacker must craft a malicious .fst file and convince a victim to open it (e.g., by double-clicking on an email attachment) [1]. No additional authentication or network access is required. Opening the file triggers the overflow in the parsing routine.

Impact

Successful exploitation results in arbitrary code execution with the privileges of the victim, leading to full compromise of confidentiality, integrity, and availability [1].

Mitigation

As of the publication date, no official patch or mitigation has been disclosed in the available references [1]. Users should exercise caution when opening .fst files from untrusted sources.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWave · llm-fuzzy
    Range: <=3.3.115
  • GTKWave/GTKWave · v5
    Range: 3.3.115

Patches

0

No patches discovered yet.

References

2
