CVE-2023-38651

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 190

Summary

CVE-2023-38651 is a newly discovered vulnerability in GTKWave 3.3.115's VZT file handling. Multiple integer overflow issues exist in the vzt_rd_block_vch_decode times parsing functionality. A maliciously crafted .vzt file can induce memory corruption if the 'num_time_ticks' variable is zero. A user must open the malicious file for the vulnerability to be exploited. These integer overflows pose a potential threat to GTKWave users, particularly those handling untrusted .vzt files.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share