CVE-2023-35970

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description Multiple heap-based buffer overflow issues exist in the fstReaderIterBlocks2 chain table parsing functionality. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these issues. The vulnerability concerns the chain table of the FST BL VCDATA DYN ALIAS2 section type.

Recommendations For GTKWave version 3.3.115, as a temporary workaround, consider restricting the use of the fstReaderIterBlocks2 functionality until a patch is available. Avoid opening untrusted .fst files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.