VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 8, 2024· Updated Nov 4, 2025

CVE-2023-36747

CVE-2023-36747

Description

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of len in fstWritex when beg_time does not match the start of the time table.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap-based buffer overflow in GTKWave 3.3.115's fstReaderIterBlocks2 function allows memory corruption via a crafted .fst file, requiring user interaction.

Vulnerability

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 and fstWritex len functionality of GTKWave version 3.3.115. The issue occurs when beg_time does not match the start of the time table. A specially crafted .fst file can trigger these overflows, leading to memory corruption. [1]

Exploitation

An attacker must craft a malicious .fst file and convince a victim to open it (e.g., via email or download). No authentication is required, but user interaction is needed. The vulnerability is triggered during parsing of the .fst file via fstReaderOpen. [1]

Impact

Successful exploitation could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or denial of service. The CVSS score is 7.0 (High) with impacts to confidentiality, integrity, and availability. [1]

Mitigation

As of the reference publication (2024-01-08), no patch has been released. The affected version is GTKWave 3.3.115. Users should avoid opening untrusted .fst files until a fix is available. [1]

References
  1. TALOS-2023-1793 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWavellm-fuzzy
    Range: ==3.3.115
  • GTKWave/GTKWavev5
    Range: 3.3.115

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.