PT-2024-12584 · Gtkwave · Gtkwave

Claudio Bozzato · Published 2024-01-08 · Updated 2024-04-09 · CVE-2023-36747

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 and fstWritex len functionality. They can be triggered by a specially crafted .fst file, leading to memory corruption when a victim opens the malicious file. This issue concerns the handling of len in fstWritex when beg_time does not match the start of the time table.

Recommendations: For GTKWave version 3.3.115, consider avoiding the use of the fstWritex function with untrusted .fst files until a patch is available. As a temporary workaround, restrict the handling of len in fstWritex to prevent memory corruption.

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2023-36747
DLA-3785-1
DSA-5653-1

Affected Products

Gtkwave