CVE-2023-37418

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 787

Summary

CVE-2023-37418 is a critical vulnerability affecting GTKWave 3.3.115. Multiple out-of-bounds write issues are identified in the VCD parse_valuechange portdump functionality, which can be exploited through a specially crafted .vcd file. Successful exploitation results in arbitrary code execution. The vulnerability poses a risk particularly during the vcd2vzt conversion process. A victim must open a malicious file to trigger these vulnerabilities.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share