CVE-2023-39316
Description
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the string_pointers array.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in GTKWave 3.3.115's LXT2 parser allows arbitrary code execution via crafted .lxt2 file.
Vulnerability
Integer overflow vulnerability in the string_pointers array allocation within the num_dict_entries functionality of GTKWave 3.3.115. The bug occurs when parsing specially crafted LXT2 files, leading to an undersized allocation that can be exploited. [1]
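The following added example (not GTKWave's code and not taken from the cited reference) shows how a 32-bit size computation for a pointer table wraps to a tiny value, next to a checked form. The function names, the 4-byte element size, the constructed count value and the rule that each entry needs at least one byte of file data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count as computed in 32-bit arithmetic (e.g. size_t on a 32-bit
 * build): the product wraps modulo 2^32 and the result looks valid. */
static uint32_t unchecked_size32(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Same computation with the overflow detected before multiplying.
 * Returns 0 and stores the size in *out, or -1 if it would wrap. */
static int checked_size32(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical hardened allocator for a table of string pointers.
 * Assumption: every entry occupies at least one byte of file data, so a
 * count larger than the bytes left in the file cannot be honest. */
static char **alloc_string_table(uint32_t count, size_t bytes_left)
{
    if (count == 0 || (size_t)count > bytes_left)
        return NULL;                      /* implausible header field */
    if ((size_t)count > SIZE_MAX / sizeof(char *))
        return NULL;                      /* count * sizeof would wrap */
    return calloc(count, sizeof(char *)); /* zero-filled table */
}

int main(void)
{
    uint32_t crafted = 0x40000001u;       /* constructed header value */
    uint32_t size = 0;

    printf("unchecked: %u entries -> %u bytes\n", (unsigned)crafted,
           (unsigned)unchecked_size32(crafted, 4));
    printf("checked:   %s\n", checked_size32(crafted, 4, &size) ? "rejected" : "ok");
    char **tbl = alloc_string_table(crafted, 64);
    printf("table:     %s\n", tbl ? "allocated" : "rejected");
    free(tbl);
    return 0;
}
```

Bounding the count by the bytes remaining in the input rejects oversized header fields even on 64-bit builds, where the multiplication itself would not wrap.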
Exploitation
An attacker can send a malicious .lxt2 file to a victim, who must open it (e.g., via the GTKWave GUI or command-line tools). No authentication is required. The integer overflow during allocation leads to a heap buffer overflow. [1]
Impact
Successful exploitation allows arbitrary code execution with the privileges of the user running GTKWave. This can lead to full compromise of the victim's system. [1]
Mitigation
No fix has been disclosed as of the publication date. Users should avoid opening untrusted .lxt2 files. The vulnerability is not listed in CISA KEV. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GTKWave/GTKWave (v5), Range: 3.3.115
Patches
No patches discovered yet.
References: 2
News mentions
No linked articles in our index yet.