CVE-2023-35057

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description An integer overflow vulnerability exists in the LXT2 lxt2 rd trace value elements allocation functionality. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this issue.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .lxt2 files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of .lxt2 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.