CVE-2023-39275

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 190

Summary

CVE-2023-39275 is a critical vulnerability affecting GTKWave 3.3.115, where multiple integer overflows are identified in the LXT2 facgeometry parsing functionality. Malicious .lxt2 files can exploit these vulnerabilities, leading to arbitrary code execution. The weakness lies in the integer overflow when allocating the `value` array during parsing. A victim must open a maliciously crafted file to trigger this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share