CVE-2023-38618
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 190
Summary
CVE-2023-38618 is a critical vulnerability affecting GTKWave 3.3.115, where multiple integer overflow issues exist in the VZT facgeometry parsing functionality. These vulnerabilities can be triggered by a maliciously crafted .vzt file, leading to arbitrary code execution. The vulnerability specifically stems from an integer overflow occurrence during the allocation of the `rows` array. Successful exploitation necessitates a victim opening the malicious file.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share