CVE-2023-39234

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to out-of-bounds write vulnerabilities in the VZT vzt rd process block autosort functionality. A specially crafted .vzt file can lead to arbitrary code execution when opened by a victim. The vulnerability specifically concerns the out-of-bounds write when looping over lt->numrealfacs.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the autosort functionality in the VZT vzt rd process block until a patch is available. As a temporary workaround, restrict the opening of .vzt files from untrusted sources to minimize the risk of exploitation.