CVE-2023-39316

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Jan 8, 2024
Updated: Apr 9, 2024
CWE ID: 190

Summary

CVE-2023-39316 is a high-severity vulnerability affecting GTKWave 3.3.115, where multiple integer overflow issues exist in the 'num_dict_entries' functionality of LXT2 files. The vulnerability arises when the 'string_pointers' array is allocated with insufficient capacity due to integer overflow. An attacker can trigger this condition with a maliciously crafted .lxt2 file, leading to arbitrary code execution on the victim's system. The impact can be severe if GTKWave is used to open untrusted files.
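The bug class described above (CWE-190 in an allocation size), shown as an added example that is not GTKWave's code. It assumes a build where the size is computed in 32-bit arithmetic with 4-byte pointers and that each dictionary string occupies at least one byte; the function names and the `dict_bytes` parameter are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PTR_SIZE_32 4u /* assumption: pointer size on a 32-bit build */

/* Unsafe pattern: count * element size in 32-bit arithmetic. For large
 * counts the product wraps, so the array is far smaller than the count. */
static uint32_t unchecked_alloc_size(uint32_t num_dict_entries)
{
    return num_dict_entries * PTR_SIZE_32;
}

/* Validation a parser can apply before allocating. dict_bytes is the size
 * of the dictionary data actually present in the file (hypothetical). */
static int dict_count_is_safe(uint32_t num_dict_entries, size_t dict_bytes)
{
    /* Assumption: every entry needs at least one byte (its terminator),
     * so the count can never exceed the bytes available. */
    if (num_dict_entries > dict_bytes)
        return 0;
    /* Reject counts whose byte size does not fit in size_t. */
    if (num_dict_entries > SIZE_MAX / sizeof(char *))
        return 0;
    return 1;
}

/* Returns a zeroed pointer array, or NULL if the count is empty or unsafe. */
static char **alloc_string_pointers(uint32_t num_dict_entries, size_t dict_bytes)
{
    if (num_dict_entries == 0 || !dict_count_is_safe(num_dict_entries, dict_bytes))
        return NULL;
    return calloc(num_dict_entries, sizeof(char *)); /* calloc also checks overflow */
}

int main(void)
{
    uint32_t crafted = 0x40000001u; /* constructed value, not from a real file */
    printf("entries=%u unchecked size=%u bytes\n",
           (unsigned)crafted, (unsigned)unchecked_alloc_size(crafted));
    printf("accepted by checked path: %d\n", dict_count_is_safe(crafted, 1024));
    return 0;
}
```
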
