CVE-2023-37282
Description
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in GTKWave 3.3.115's VZT LZMA_Read dmem extraction allows arbitrary code execution via a crafted .vzt file.
Vulnerability
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave version 3.3.115 [1]. This flaw occurs when parsing specially crafted .vzt files, leading to memory corruption.
Exploitation
An attacker can exploit this vulnerability by convincing a victim to open a malicious .vzt file, for example by double-clicking on it if GTKWave is associated with the file extension [1]. No authentication or special privileges are needed, only user interaction.
Impact
Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the victim user. This can lead to full compromise of confidentiality, integrity, and availability (CVSS 7.8) [1].
Mitigation
No fix has been publicly disclosed as of the publication date. Users are advised to avoid opening untrusted .vzt files until a patched version of GTKWave is released [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- GTKWave/GTKWavev5Range: 3.3.115
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.