VYPR
Unrated severity · NVD Advisory · Published Jan 8, 2024 · Updated Nov 4, 2025

CVE-2023-39274

Description

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the len array.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in GTKWave 3.3.115 LXT2 facgeometry parsing allows arbitrary code execution via a crafted .lxt2 file.

Vulnerability

An integer overflow vulnerability exists in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115 [1]. The flaw occurs when allocating the len array, leading to a heap-based buffer overflow. The vulnerable code is in lxt2_read.c and is invoked when opening a specially crafted .lxt2 file. Affected versions include GTKWave 3.3.115 and possibly earlier releases.
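
The bug class described above, as an added example that is not GTKWave's code or part of the advisory: an element count taken from the file is multiplied by the element size, the product wraps in 32-bit arithmetic, and the allocation ends up far smaller than the number of entries a parser would go on to fill. The names `unchecked_size32`, `checked_mul` and `alloc_len_array`, the 32-bit count and the 4-byte element size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size as 32-bit arithmetic computes it: the product wraps modulo 2^32. */
static uint32_t unchecked_size32(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Store count * elem_size in *out and return 1 only if it fits in limit. */
static int checked_mul(size_t count, size_t elem_size, size_t limit, size_t *out)
{
    if (elem_size != 0 && count > limit / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Allocate count zeroed 32-bit entries; NULL when the size is 0 or too large.
   count stands in for a value read from an untrusted file header (assumption). */
static uint32_t *alloc_len_array(uint32_t count, size_t limit)
{
    size_t bytes;
    if (count == 0 || !checked_mul(count, sizeof(uint32_t), limit, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t hostile = 0x40000001u;   /* constructed sample count */
    printf("wrapped size: %u bytes for %u entries\n",
           (unsigned)unchecked_size32(hostile, 4), (unsigned)hostile);
    uint32_t *len = alloc_len_array(hostile, UINT32_MAX);
    printf("checked allocation: %s\n", len ? "allocated" : "rejected");
    free(len);
    return 0;
}
```

With the constructed count, the unchecked product is 4 bytes for over a billion entries, while the checked path refuses the allocation before any write can happen.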

Exploitation

An attacker can exploit this vulnerability by providing a malicious .lxt2 file to a victim. The victim must open the file using GTKWave (e.g., via double-click or command line). No authentication or special privileges are required. The integer overflow leads to memory corruption, which can be leveraged for code execution.

Impact

Successful exploitation allows arbitrary code execution in the context of the victim. The CVSSv3 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Mitigation

As of the publication date, no official patch has been released. Users should avoid opening untrusted .lxt2 files and consider using alternative wave viewers until a fix is available. The vendor has been notified by Cisco Talos [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • GTKWave/GTKWave · llm-fuzzy
    Range: = 3.3.115
  • GTKWave/GTKWave · v5
    Range: 3.3.115

Patches

0

No patches discovered yet.

References

2
