VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2024 · Updated Nov 4, 2025

CVE-2023-37577

Description

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple use-after-free vulnerabilities in GTKWave 3.3.115's VCD parsing allow arbitrary code execution via a crafted .vcd file.

Vulnerability

Multiple use-after-free vulnerabilities exist in the get_vartoken realloc functionality of GTKWave 3.3.115 when parsing VCD (Value Change Dump) files. The flaw resides in the vcd_parse function, which is duplicated across several conversion utilities (vcd2lxt, vcd2lxt2, vcd2vzt) and the GUI component. A specially crafted .vcd file can trigger the use-after-free condition during token reallocation, leading to memory corruption [1].

Exploitation

An attacker can exploit these vulnerabilities by convincing a victim to open a malicious .vcd file, for example by double-clicking an attachment received via email. No authentication or special privileges are required. The vulnerability is triggered automatically during the parsing process, without any additional user interaction beyond opening the file [1].

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution in the context of the victim. This can lead to full compromise of confidentiality, integrity, and availability of the affected system [1].

Mitigation

As of the publication date, no official patch has been released by the vendor. The only mitigation is to avoid opening untrusted .vcd files from unknown sources. The vulnerability is not currently listed in the Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2