CVE-2023-36864

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description An integer overflow issue exists in the fstReaderIterBlocks2 function's temp signal value buf allocation, allowing arbitrary code execution through a specially crafted .fst file. A victim must open a malicious file to trigger this issue.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the fstReaderIterBlocks2 function until a patch is available. As a temporary workaround, restrict the opening of .fst files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.