CVE-2023-39317

Vulnerability

An integer overflow vulnerability exists in the num_dict_entries functionality of GTKWave 3.3.115 when parsing LXT2 files. The overflow occurs during allocation of the string_lens array, leading to a heap buffer overflow. The affected code path is reachable through the GUI or command-line tools (e.g., lxt2vcd, rtlbrowse, lxt2miner) when opening a specially crafted .lxt2 file. [1]

Exploitation

An attacker can exploit this vulnerability by crafting a malicious .lxt2 file with specific values that trigger the integer overflow. No authentication or special privileges are required; the victim must open the file using GTKWave (e.g., by double-clicking or via command line). The parsing process then triggers the overflow, potentially leading to heap corruption and arbitrary code execution. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running GTKWave. This can result in full compromise of confidentiality, integrity, and availability of the affected system. [1]

Mitigation

As of the advisory publication date (2024-01-08), no patched version of GTKWave has been released. Users should avoid opening untrusted .lxt2 files from unknown sources. The vendor has not provided a workaround or fix. [1]