CVE-2023-37419

Vulnerability

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave version 3.3.115. The flaw resides in the vcd_parse function, which is used by the GUI and several conversion utilities (vcd2lxt, vcd2lxt2, vcd2vzt). The issue is not present in the vcd_recorder.c implementation. A specially crafted .vcd file can trigger an out-of-bounds write when parsed, leading to memory corruption [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious .vcd file and convincing a victim to open it in GTKWave or process it with the vcd2lxt2 conversion utility. No authentication or special network position is required; the attack relies on user interaction. The out-of-bounds write occurs during the parsing of the value change dump data within the portdump code path [1].

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution in the context of the GTKWave process. Given the CVSSv3 score of 7.8, the impact on confidentiality, integrity, and availability is rated as high. An attacker could potentially execute arbitrary commands, modify data, or cause a denial of service [1].

Mitigation

As of the publication date (2024-01-08), no official patch or fixed version has been released by the vendor. The Talos advisory notes that the vendor was contacted but did not respond. Users are advised to avoid opening untrusted .vcd files and to consider using alternative tools or sandboxing environments. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].