CVE-2023-35989
Description
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in GTKWave 3.3.115's LXT2 zlib block allocation allows arbitrary code execution via malicious .lxt2 file.
Vulnerability
Integer overflow vulnerability in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can trigger the overflow, leading to arbitrary code execution. Affected version: GTKWave 3.3.115 [1].
Exploitation
An attacker must provide a malicious .lxt2 file to a victim. The victim must open the file using the GTKWave GUI or command-line utilities such as lxt2vcd, rtlbrowse, or lxt2miner. No authentication is required, but user interaction is necessary [1].
Impact
Successful exploitation allows arbitrary code execution with the privileges of the victim. This can result in full compromise of confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2024-01-08), no official fix is available. Users should avoid opening untrusted .lxt2 files. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- GTKWave/GTKWavev5Range: 3.3.115
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.