CVE-2023-37417
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 787
Summary
CVE-2023-37417 is a critical vulnerability affecting GTKWave version 3.3.115. It covers multiple out-of-bounds write vulnerabilities in the parse_valuechange functionality of the VCD (Value Change Dump) portdump feature. A maliciously crafted .vcd file can trigger these out-of-bounds writes and lead to arbitrary code execution. The threat is significant because a victim only needs to open a malicious file to trigger the vulnerability, which can happen when the file is parsed through the software's graphical user interface (GUI).