CVE-2023-38657

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 119
CWE ID 787

Summary

CVE-2023-38657 is a newly discovered vulnerability affecting GTKWave version 3.3.115. This issue involves an out-of-bounds write vulnerability in the LXT2 zlib block decompression functionality. A maliciously crafted .lxt2 file can exploit this weakness, leading to arbitrary code execution. The vulnerability is triggered when a user opens the malicious file, making it a potential threat if the file is delivered through email or a compromised website.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share