CVE-2023-39272
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 190
Summary
CVE-2023-39272 is a newly disclosed vulnerability affecting GTKWave 3.3.115, a popular open-source waveform viewer. The issue lies in the LXT2 facgeometry parsing functionality, where multiple integer overflow vulnerabilities have been identified. An attacker can exploit these vulnerabilities with a specially crafted, malicious .lxt2 file. If a user opens this file, the integer overflow that occurs when allocating the 'lsb' array can lead to arbitrary code execution, potentially compromising the affected system.
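The bug class named in the summary (CWE-190 in an allocation size), shown as an added illustration that is not GTKWave's code: a file-supplied element count multiplied by an element size wraps in 32-bit arithmetic, and a checked allocator rejects it. The names `geom_t`, `count` and `max_count` are hypothetical, and the 32-bit `size_t` is emulated with `uint32_t` so the wrap is visible on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type for a per-entry geometry field such as 'lsb'. */
typedef uint32_t geom_t;

/* Unchecked size as a 32-bit size_t computes it: the product wraps
 * modulo 2^32, so a huge count yields a tiny allocation request. */
uint32_t alloc_size_unchecked32(uint32_t count)
{
    return count * (uint32_t)sizeof(geom_t);
}

/* Checked size: 0 on success, -1 if the count is zero, exceeds the
 * caller's sanity limit (max_count, an assumed policy value), or the
 * multiplication would not fit in size_t. */
int alloc_size_checked(uint32_t count, uint32_t max_count, size_t *out)
{
    if (count == 0 || count > max_count)
        return -1;
    if (count > SIZE_MAX / sizeof(geom_t))
        return -1;
    *out = (size_t)count * sizeof(geom_t);
    return 0;
}

/* Hardened allocation: validate first, then let calloc() repeat the
 * overflow check on the (nmemb, size) pair. */
geom_t *alloc_geom_array(uint32_t count, uint32_t max_count)
{
    size_t need;
    if (alloc_size_checked(count, max_count, &need) != 0)
        return NULL;
    return calloc(count, sizeof(geom_t));
}

int main(void)
{
    uint32_t hostile = 0x40000001u; /* constructed sample count */
    printf("unchecked 32-bit size: %u bytes\n",
           (unsigned)alloc_size_unchecked32(hostile));
    printf("hardened allocator: %s\n",
           alloc_geom_array(hostile, 1u << 20) ? "allocated" : "rejected");
    return 0;
}
```

With the wrapped size, later code that indexes the array by the original count writes far past the small buffer, which is how an overflow of this kind becomes memory corruption.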