CVE-2023-38652

Vulnerability

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115 [1]. These occur when num_time_ticks is not zero during parsing of a specially crafted .vzt file, leading to memory corruption. The affected code is in vzt_read.c and is used by both the GUI and command-line tools.

Exploitation

An attacker must craft a malicious .vzt file with specific values that trigger the integer overflow. The victim must open the file using GTKWave, either by double-clicking (due to associated mime types) or via command-line tools like vzt2vcd. Once opened, the parsing process triggers the overflow, resulting in memory corruption.

Impact

Successful exploitation can lead to arbitrary code execution, compromising the confidentiality, integrity, and availability of the system. The CVSSv3 score is 7.0 (High), with local access, high complexity, and user interaction required, but high impact on CIA.

Mitigation

No patched version has been released as of the publication date. Users should avoid opening untrusted .vzt files. The vendor has been notified, but no official fix is available yet.