CVE-2023-37574

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 416

Summary

CVE-2023-37574 is a use-after-free vulnerability affectting GTKWave 3.3.115. Maliciously crafted .vcd files can exploit this issue in the VCD get_vartoken realloc functionality, resulting in arbitrary code execution. The vulnerability arises when the GUI's legacy VCD parsing code fails to properly manage memory, leading to use-after-free conditions. To trigger the vulnerability, a victim must open a malicious file.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share