VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2024 · Updated Nov 4, 2025

CVE-2023-38620

Description

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the lsb array.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in GTKWave 3.3.115 VZT parsing allows arbitrary code execution via a crafted .vzt file.

Vulnerability

An integer overflow vulnerability exists in the VZT facgeometry parsing functionality of GTKWave 3.3.115. The flaw occurs when allocating the lsb array within the vzt_rd_init_smp function in vzt_read.c. A specially crafted .vzt file can trigger the overflow, leading to an undersized heap allocation. This affects the GTKWave GUI, the vzt2vcd conversion utility, and vztminer [1].
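
The bug class described above, shown as an added example (not GTKWave's code and not part of the advisory): a file-supplied element count multiplied by the element size wraps in 32-bit arithmetic, and a checked allocator rejects it. The 4-byte big-endian count field, the function names and the 4-bytes-of-input-per-entry bound are assumptions for illustration; `uint32_t` stands in for a 32-bit `size_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read a big-endian 32-bit count from a header (constructed layout). */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Byte size produced by an unchecked `count * sizeof(int32_t)` when the
   multiplication is done in 32 bits. Unsigned wrap-around is silent. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(int32_t);
}

/* Hardened allocation for a hypothetical lsb-style array. Assumption: each
   entry consumes 4 bytes of input, so a count the remaining file data cannot
   back is rejected. Because bytes_left <= SIZE_MAX, this bound also
   guarantees that count * 4 cannot overflow size_t. */
int32_t *alloc_lsb_checked(uint32_t count, size_t bytes_left)
{
    if (count == 0 || count > bytes_left / sizeof(int32_t))
        return NULL;
    return calloc(count, sizeof(int32_t)); /* calloc also checks the product */
}

int main(void)
{
    /* Constructed header bytes: count = 0x40000001 entries. */
    const unsigned char hdr[4] = { 0x40, 0x00, 0x00, 0x01 };
    uint32_t count = read_be32(hdr);

    printf("count from file      : %u\n", (unsigned)count);
    printf("unchecked alloc size : %u bytes\n",
           (unsigned)unchecked_alloc_size(count));

    int32_t *lsb = alloc_lsb_checked(count, 64); /* only 64 bytes remain */
    printf("checked allocation   : %s\n", lsb ? "accepted" : "rejected");
    free(lsb);
    return 0;
}
```

A parser that then writes one entry per declared element into the 4-byte buffer from the unchecked path is the heap overflow the advisory describes; the checked path fails the file load instead.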

Exploitation

An attacker must craft a malicious .vzt file and convince a victim to open it, for example by double-clicking an email attachment (GTKWave registers MIME types for its supported extensions). No authentication or special privileges are required. When the victim opens the file, the integer overflow during lsb array allocation results in a heap buffer overflow, which can be leveraged to achieve arbitrary code execution [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the GTKWave process. This compromises confidentiality, integrity, and availability of the affected system. The CVSSv3 score is 7.8 (High) [1].

Mitigation

As of the publication date (2024-01-08), no official fix has been disclosed by the vendor. Users should avoid opening untrusted .vzt files and monitor GTKWave updates for a patched version. This vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWave (llm-fuzzy)
    Range: <= 3.3.115
  • GTKWave/GTKWave (v5)
    Range: 3.3.115

Patches

0

No patches discovered yet.

References

2
