CVE-2023-35958
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119
Summary
CVE-2023-35963 is a critical vulnerability affecting GTKWave 3.3.115, where multiple OS command injection flaws have been identified in the decompression functionality of the `vcd2lxt2` utility. A carefully crafted wave file can exploit these vulnerabilities, resulting in arbitrary command execution. The risks are elevated if users open malicious files without proper validation, potentially leading to significant security consequences.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share