CVE-2023-38657
Description
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GTKWave 3.3.115 contains an out-of-bounds write in LXT2 zlib block decompression, enabling arbitrary code execution when a victim opens a malicious .lxt2 file.
Vulnerability
GTKWave version 3.3.115 contains an out-of-bounds write vulnerability in the LXT2 zlib block decompression functionality within lxt2_read.c. The issue occurs during processing of specially crafted .lxt2 files, affecting the lxt2vcd utility, rtlbrowse, lxt2miner, and the GTKWave GUI. No special configuration is required beyond opening the malicious file. [1]
Exploitation
An attacker must craft a malicious .lxt2 file that triggers the out-of-bounds write during decompression. The victim must open this file using any affected GTKWave component (e.g., by double-clicking the file if MIME types are set, or via command-line tools). No additional privileges or authentication are needed; user interaction (opening the file) is the only requirement. [1]
Impact
Successful exploitation leads to arbitrary code execution in the context of the user running GTKWave, resulting in full compromise of confidentiality, integrity, and availability (CVSS 7.8). [1]
Mitigation
As of the publication date (2024-01-08), no patched version has been released by the vendor. Users should avoid opening untrusted .lxt2 files and consider removing or restricting MIME-type associations for GTKWave until an update is provided. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GTKWave/GTKWave v5, Range: 3.3.115
Patches
No patches discovered yet.
References