VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 8, 2024· Updated Nov 4, 2025

CVE-2023-38623

CVE-2023-38623

Description

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the vindex_offset array.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in GTKWave 3.3.115's VZT facgeometry parsing allows arbitrary code execution via a crafted .vzt file.

Vulnerability

An integer overflow vulnerability exists in the VZT facgeometry parsing functionality of GTKWave version 3.3.115. Specifically, when allocating the vindex_offset array in vzt_rd_init_smp, an integer overflow can occur, leading to a heap buffer overflow. This affects all GTKWave components that parse VZT files, including the GUI, vzt2vcd, and vztminer. [1]

Exploitation

An attacker can exploit this vulnerability by crafting a malicious .vzt file that triggers the integer overflow. The victim must open the file using GTKWave, for example by double-clicking on it if the file association is set. No authentication or special privileges are required beyond local access to the system. [1]

Impact

Successful exploitation allows an attacker to achieve arbitrary code execution with the privileges of the user running GTKWave. This can lead to full compromise of confidentiality, integrity, and availability of the affected system. [1]

Mitigation

As of the publication date (2024-01-08), no official patch has been released by the vendor. Users are advised to avoid opening untrusted .vzt files and to monitor for updates from GTKWave. [1]

References
  1. TALOS-2023-1812 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWavellm-fuzzy
    Range: = 3.3.115
  • GTKWave/GTKWavev5
    Range: 3.3.115

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.