CVE-2023-35957

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This issue concerns the decompression function uncompress.

Recommendations For GTKWave version 3.3.115, as a temporary workaround, consider disabling the uncompress function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.