CVE-2023-35958

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119

Summary

CVE-2023-35963 is a critical vulnerability affecting GTKWave 3.3.115, where multiple OS command injection flaws have been identified in the decompression functionality of the `vcd2lxt2` utility. A carefully crafted wave file can exploit these vulnerabilities, resulting in arbitrary command execution. The risks are elevated if users open malicious files without proper validation, potentially leading to significant security consequences.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share