CVE-2023-35969
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119
CWE ID 787
Summary
CVE-2023-35969 is a critical buffer overflow vulnerability affecting GTKWave 3.3.115. Multiple heap-based buffer overflows exist in the fstReaderIterBlocks2 chain_table parsing functionality. A maliciously crafted .fst file can exploit these vulnerabilities, leading to arbitrary code execution. This vulnerability specifically targets the `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types within the chain_table. Successful exploitation requires the victim to open a specially crafted file.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share