CVE-2023-37420

Vulnerability

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave version 3.3.115 [1]. The flaw resides in the vcd_parse function used by the vcd2lxt conversion utility and other components. A specially crafted .vcd file triggers an out-of-bounds write (CWE-787) during parsing, leading to memory corruption [1].

Exploitation

An attacker must convince a victim to open a malicious .vcd file, either through the GTKWave GUI or by using a command-line conversion tool such as vcd2lxt [1]. No authentication or special privileges are required; the victim only needs to process the crafted file. The vulnerability is triggered automatically during the parsing of the value change dump data [1].

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution with the privileges of the victim [1]. This compromises confidentiality, integrity, and availability, as reflected by the CVSSv3 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [1].

Mitigation

As of the advisory publication date (January 8, 2024), no official patch has been released by the vendor for GTKWave 3.3.115 [1]. Users are advised to avoid opening untrusted .vcd files and to monitor for future updates from the GTKWave project. No workaround is documented in the available reference [1].