CVE-2023-38619

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer overflow vulnerabilities in the VZT facgeometry parsing functionality. A specially crafted .vzt file can lead to arbitrary code execution if a victim opens the malicious file. The vulnerability specifically concerns integer overflow when allocating the msb array.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .vzt files from untrusted sources until a patch is available. As a temporary workaround, restrict the functionality related to VZT facgeometry parsing to minimize the risk of exploitation.