CVE-2023-38650
Description
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in GTKWave 3.3.115's VZT file parsing allows memory corruption via a crafted .vzt file.
Vulnerability
The vulnerability is an integer overflow in the vzt_rd_block_vch_decode times parsing functionality of GTKWave version 3.3.115. When processing a specially crafted VZT (Verilog Zipped Trace) file, the handling of num_time_ticks (non-zero) leads to an integer overflow, resulting in memory corruption. The affected code resides in vzt_read.c and is triggered by parsing VZT files through the GUI, vzt2vcd conversion tool, or vztminer [1].
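The bug class described above, shown as an added example that is neither GTKWave's code nor taken from the advisory: a count read from a file is multiplied into a buffer size without a check, next to a checked form. All function names, the 8-byte element size and the one-byte-per-tick plausibility bound are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration; all names are hypothetical, not GTKWave's vzt_read.c. */

/* Unchecked pattern: byte size computed in 32-bit arithmetic from a
 * file-supplied count. The product silently wraps modulo 2^32. */
static uint32_t naive_table_bytes(uint32_t num_ticks)
{
    return num_ticks * (uint32_t)sizeof(uint64_t);
}

/* Checked pattern. Returns 0 and sets *out on success, -1 on rejection.
 * Assumption: every tick occupies at least one byte of the remaining
 * input, so a count larger than bytes_left cannot be genuine. */
static int alloc_time_table(uint32_t num_ticks, size_t bytes_left,
                            uint64_t **out)
{
    *out = NULL;
    if (num_ticks == 0 || num_ticks > bytes_left)
        return -1;                       /* empty or implausible count */
    if (num_ticks > SIZE_MAX / sizeof(uint64_t))
        return -1;                       /* size would overflow size_t */
    *out = calloc(num_ticks, sizeof(uint64_t));
    return *out ? 0 : -1;
}

int main(void)
{
    uint32_t hostile = 0x20000001u;      /* constructed sample value */
    uint64_t *table = NULL;

    printf("naive size for %u ticks: %u bytes\n",
           (unsigned)hostile, (unsigned)naive_table_bytes(hostile));
    printf("checked alloc, hostile count: %d\n",
           alloc_time_table(hostile, 64, &table));
    printf("checked alloc, 4 ticks: %d\n",
           alloc_time_table(4, 64, &table));
    free(table);
    return 0;
}
```

A parser that sizes its buffer with the unchecked form and then loops over the original count writes past the allocation, which is how an arithmetic wrap turns into memory corruption.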
Exploitation
To exploit this vulnerability, an attacker must craft a malicious .vzt file with specific values that cause the integer overflow. The victim must open the file using GTKWave, which can occur automatically if the victim double-clicks the file (as GTKWave registers MIME types for supported extensions) or opens it from the command line. No authentication or special privileges are required beyond user interaction [1].
Impact
Successful exploitation leads to memory corruption, which can be leveraged to achieve arbitrary code execution with the privileges of the victim. The CVSSv3 score is 7.0 (High), indicating potential compromise of confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2024-01-08) and based on the available reference [1], no patch or updated version has been released by GTKWave to address this vulnerability. Users are advised to avoid opening untrusted .vzt files and to monitor official GTKWave channels for future updates.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
- GTKWave/GTKWave v5, Range: 3.3.115
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.