PT-2024-12536 · Gtkwave · Gtkwave
Claudio Bozzato · Published 2024-01-08 · Updated 2024-04-09
CVE-2023-35964
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GTKWave version 3.3.115
Description
The issue concerns decompression in the vcd2lxt utility of GTKWave, where multiple OS command injection vulnerabilities exist. These vulnerabilities can be triggered by a specially crafted wave file, potentially leading to arbitrary command execution when a victim opens the malicious file.
Recommendations
For GTKWave version 3.3.115, consider avoiding the use of the vcd2lxt utility until a fix is available, or refrain from opening untrusted wave files to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Gtkwave