CVE-2023-37578

Vulnerability

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. The issue affects the vcd_parse function, which is present in the conversion utilities (vcd2lxt, vcd2lxt2, vcd2vzt) and the GUI component. A specially crafted .vcd file can trigger the use-after-free condition, leading to arbitrary code execution. All copies of the vcd_parse function are affected [1].

Exploitation

An attacker needs to craft a malicious .vcd file and convince a victim to open it using GTKWave, for example by double-clicking the file after receiving it via email. The vulnerability is triggered during the parsing of VCD tokens, specifically within the get_vartoken realloc code path. No authentication or special privileges are required beyond victim interaction [1].

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution in the context of the GTKWave process. This can lead to full compromise of confidentiality, integrity, and availability (CIA) of the affected system, as indicated by a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [1].

Mitigation

At the time of publication, no fixed version of GTKWave has been released. Users are advised to avoid opening untrusted .vcd files with GTKWave 3.3.115 until a patch is provided by the vendor. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].