CVE-2023-37419

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description Multiple out-of-bounds write issues exist in the VCD parse valuechange portdump functionality. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these issues. This concern is related to the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

Recommendations For GTKWave version 3.3.115, as a temporary workaround, consider avoiding the use of the vcd2lxt2 conversion utility until a patch is available. Restrict access to malicious .vcd files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.