CVSS 3.1 Score 7.8 of 10 (high)


Published Jan 8, 2024
Updated: Jan 11, 2024


CVE-2023-35962 is a high-severity vulnerability that affects GTKWave 3.3.115. This vulnerability allows for multiple OS command injection attacks in the decompression functionality of the software, specifically in the vcd2vzt utility. By opening a specially crafted wave file, an attacker can execute arbitrary commands on the victim's system. The risk score for this vulnerability is 25, with a base severity of HIGH, and it requires user interaction to be exploited. It has a CVSS vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The potential danger posed to organizations is significant as it can lead to unauthorized command execution and compromise the integrity and confidentiality of affected systems. To remediate this vulnerability, users should update to a patched version provided by GTKWave as soon as it becomes available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35962 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options