CVE-2023-38651

Vulnerability

An integer overflow vulnerability exists in the vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115 [1]. The overflow occurs when num_time_ticks is zero in a specially crafted .vzt file. This code path is reachable when GTKWave opens a VZT file, either via the GUI or command-line tools such as vzt2vcd or vztminer [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious .vzt file with a zero value for num_time_ticks. The victim must open the file, which can occur automatically if the file is double-clicked due to GTKWave's mime type association [1]. No authentication or special privileges are required. The integer overflow leads to memory corruption during parsing [1].

Impact

Successful exploitation results in memory corruption, which can lead to arbitrary code execution, information disclosure, or denial of service. The CVSSv3 score of 7.0 (High) indicates a significant impact on confidentiality, integrity, and availability [1]. An attacker could execute arbitrary code in the context of the GTKWave process.

Mitigation

As of the publication date (2024-01-08), no official fix has been released for GTKWave 3.3.115 [1]. Users should avoid opening untrusted .vzt files from unknown sources. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog at the time of writing.