CVE-2023-39270

Vulnerability

Integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Specifically, an integer overflow occurs when allocating the rows array during processing of a specially crafted .lxt2 file. The flaw is in the lxt2_rd_init function within lxt2_read.c, affecting all GTKWave components that parse LXT2 files: the GUI, lxt2vcd, rtlbrowse, and lxt2miner [1].

Exploitation

An attacker must craft a malicious .lxt2 file that triggers the integer overflow during the allocation of the rows array. The victim must open this file using GTKWave, either by double-clicking (GTKWave registers MIME types for its supported extensions) or by loading it via the application. No authentication or special privileges are needed, but user interaction is required [1].

Impact

Successful exploitation allows arbitrary code execution in the context of the user running GTKWave. The vulnerability has a CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impact [1].

Mitigation

As of the published date (2024-01-08), no fixed version has been released. GTKWave 3.3.115 is confirmed vulnerable. Users should avoid opening untrusted .lxt2 files until a patch is provided by the vendor [1].