CVE-2023-35128

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description An integer overflow vulnerability exists in the fstReaderIterBlocks2 time table tsec nitems functionality. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this issue.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the fstReaderIterBlocks2 function until a patch is available. As a temporary workaround, restrict the opening of .fst files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.