CVE-2023-39443

Vulnerability

A heap-based out-of-bounds write vulnerability exists in the LXT2 parsing functionality of GTKWave version 3.3.115. The bug occurs in the lxt2_rd_get_fac_geometry() function within lxt2_read.c, where a prefix copy loop performs an unbounded memory write without adequate bounds checking. A specially crafted .lxt2 file can trigger the out-of-bounds write when the file is opened by a user [1].

Exploitation

An attacker must craft a malicious .lxt2 file that includes geometry data designed to cause the prefix copy loop to write past the allocated buffer. No authentication or special privileges are required; the victim only needs to open the file using GTKWave (e.g., by double-clicking an email attachment, as GTKWave registers MIME types for .lxt2 files) [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary code execution in the context of the GTKWave process. This can lead to full compromise of the victim's system, including data theft, installation of malware, or further lateral movement [1].

Mitigation

As of the publication date, GTKWave 3.3.115 is the confirmed vulnerable version, and no patched release has been announced. Users should avoid opening untrusted .lxt2 files from unknown sources. The vulnerability is not listed in the KEV catalog at the time of writing [1].