CVE-2023-39272

Vulnerability

GTKWave 3.3.115 contains multiple integer overflow vulnerabilities in the LXT2 facgeometry parsing functionality, specifically during allocation of the lsb array [1]. The flaw resides in lxt2_read.c and affects the GUI and command-line tools that parse .lxt2 files. A specially crafted .lxt2 file triggers the overflow, leading to arbitrary code execution.

Exploitation

An attacker must deliver a malicious .lxt2 file to the victim. The victim opens the file via double-click (due to mime type association) or through the GTKWave GUI or command-line tools [1]. No authentication or special privileges are required; the attack relies on user interaction. The integer overflow occurs during memory allocation, enabling subsequent memory corruption.

Impact

Successful exploitation allows arbitrary code execution in the context of the GTKWave process. This can lead to full compromise of the victim's system, including data confidentiality, integrity, and availability [1]. The CVSS score is 7.8 (High).

Mitigation

As of the publication date (2024-01-08), no patched version has been released. Users should avoid opening untrusted .lxt2 files. Talos reported the vulnerability to the vendor, but no fix is documented [1]. GTKWave 3.3.115 is confirmed vulnerable.