CVE-2023-37577

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 416

Summary

CVE-2023-37577 is a use-after-free vulnerability affecting GTKWave 3.3.115. Multiple instances of this issue exist in the VCD get_vartoken realloc functionality. A maliciously crafted .vcd file can exploit these vulnerabilities, leading to arbitrary code execution. Triggering them requires opening the specially crafted file with the vcd2lxt2 conversion utility. The flaw poses a significant risk to users who handle .vcd files, potentially allowing attackers to execute malicious code on their systems.
