PT-2024-12534 · Gtkwave · Gtkwave
Claudio Bozzato · Published 2024-01-08 · Updated 2024-04-09
CVE-2023-35962
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GTKWave version 3.3.115
Description
The issue concerns decompression in the vcd2vzt utility of GTKWave, where multiple OS command injection vulnerabilities exist. These vulnerabilities can be triggered by a specially crafted wave file, potentially leading to arbitrary command execution when a victim opens the malicious file.
Recommendations
For GTKWave version 3.3.115, consider disabling the vcd2vzt utility until a patch is available to prevent potential exploitation. Avoid opening wave files from untrusted sources to minimize the risk of arbitrary command execution.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Gtkwave