CVE-2023-38618

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer overflow vulnerabilities in the VZT facgeometry parsing functionality. These vulnerabilities can be triggered by a specially crafted .vzt file, potentially leading to arbitrary code execution when a victim opens the malicious file. The vulnerability specifically concerns integer overflow when allocating the rows array.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .vzt files from untrusted sources until a fix is available. As a temporary workaround, restrict the functionality related to VZT facgeometry parsing to minimize the risk of exploitation.