CVE-2023-38621

Vulnerability

An integer overflow vulnerability exists in the VZT facgeometry parsing functionality of GTKWave 3.3.115, specifically when allocating the flags array. A specially crafted .vzt file can trigger this overflow, leading to memory corruption. The vulnerability is present in all tools that parse VZT files, including the vzt2vcd utility, vztminer, and the GTKWave GUI. The victim must open a malicious .vzt file to trigger the issue [1].

Exploitation

Exploitation requires an attacker to craft a malicious .vzt file and convince the victim to open it. GTKWave sets up mime types for its supported extensions, so simply double-clicking a .vzt file received via email can launch the program and load the file. No authentication or special privileges are needed on the victim's system. The attacker does not require any network position beyond delivering the file [1].

Impact

Successful exploitation can lead to arbitrary code execution under the privileges of the user running GTKWave. The CVSSv3 score is 7.8 (High) with impacts on confidentiality, integrity, and availability. An attacker could execute arbitrary code, escalate privileges, or compromise the victim's system [1].

Mitigation

As of the publication date, no official patch has been released by the vendor. The only mitigation is to avoid opening untrusted .vzt files. Users should exercise caution when receiving such files from untrusted sources [1].