VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2024 · Updated Nov 4, 2025

CVE-2023-37417

Description

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple out-of-bounds write vulnerabilities in GTKWave 3.3.115's VCD parsing allow arbitrary code execution via a crafted .vcd file.

Vulnerability

GTKWave 3.3.115 contains multiple out-of-bounds write vulnerabilities in the vcd_parse function's parse_valuechange portdump functionality when processing VCD files. A specially crafted .vcd file can trigger these writes, leading to memory corruption. The issue is present in the GUI's interactive VCD parsing code, as well as in some conversion utilities (e.g., vcd2lxt, vcd2lxt2, vcd2vzt), but not in vcd_recorder.c. [1]

Exploitation

An attacker can exploit these vulnerabilities by crafting a malicious .vcd file and convincing a victim to open it using the GTKWave GUI. No authentication or special network access is required; the victim only needs to open the file. The parsing process triggers the out-of-bounds write during the handling of value change records. [1]

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution in the context of the victim's user account. This can lead to full compromise of confidentiality, integrity, and availability of the affected system. [1]

Mitigation

As of the publication date (2024-01-08), no patched version of GTKWave has been released. Users are advised to avoid opening untrusted .vcd files and to monitor the GTKWave project for updates. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWave (source: llm-fuzzy)
    Range: =3.3.115
  • GTKWave/GTKWave (source: v5)
    Range: 3.3.115

Patches

0

No patches discovered yet.

References

2
