CVE-2023-39317

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 190

Summary

CVE-2023-39317 is a high-severity vulnerability affecting GTKWave 3.3.115. Multiple integer overflow issues exist in the LXT2 `num_dict_entries` functionality; this CVE covers the integer overflow that occurs when allocating the `string_lens` array. A maliciously crafted .lxt2 file can trigger the overflow, resulting in arbitrary code execution. Exploitation requires the victim to open the malicious file. Users are advised to update their GTKWave installation as soon as possible to mitigate this threat.
