CVE-2023-37922

Vulnerability

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can trigger an arbitrary write when processed by the vcd2lxt2 conversion utility. The issue arises from incorrect handling of indexable resources (CWE-118) during VCD parsing [1].

Exploitation

An attacker must convince a victim to open a malicious .vcd file using GTKWave's vcd2lxt2 utility. No authentication or network access is required; the attack is local and user interaction is necessary. The vulnerability is triggered during the parsing of the VCD file's sorted bsearch data [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the victim's machine with the privileges of the user running GTKWave. This leads to full compromise of confidentiality, integrity, and availability [1].

Mitigation

No fix has been released as of the publication date (2024-01-08). Users should avoid opening untrusted .vcd files with GTKWave until a patched version is available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalogue [1].