CVE-2023-35996

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to improper array index validation in the fstReaderIterBlocks2 tdelta functionality. A specially crafted .fst file can lead to arbitrary code execution when opened by a victim. The vulnerability specifically concerns the tdelta indexing when the signal lens is 0.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .fst files from untrusted sources until a fix is available. As a temporary workaround, restrict the opening of .fst files to minimize the risk of exploitation.