CVE-2023-37445

Vulnerability

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave version 3.3.115 [1]. The issue resides in the vcd_parse function, which is duplicated in several conversion utilities (vcd2lxt, vcd2lxt2, vcd2vzt) and in the GUI portion of GTKWave [1]. A specially crafted .vcd file triggers these vulnerabilities when the file is opened by a victim [1].

Exploitation

An attacker must craft a malicious .vcd file that causes out-of-bounds reads during parsing [1]. The victim must open the file using GTKWave (GUI or command-line conversion tool) [1]. No special privileges or network position are required; the attack is local and requires user interaction [1]. The CVSS vector reflects low attack complexity and no privileges needed (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [1].

Impact

Successful exploitation leads to arbitrary code execution in the context of the victim's process [1]. This compromises confidentiality, integrity, and availability (CIA) [1]. The attacker gains the full privileges of the user running GTKWave [1].

Mitigation

As of the publication date (2024-01-08), no fixed version has been released by the vendor [1]. The only mitigation is to avoid opening untrusted .vcd files with GTKWave [1]. Users should monitor the GTKWave project for updates [1].