CVE-2023-39235

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to out-of-bounds write vulnerabilities in the VZT vzt rd process block autosort functionality. A specially crafted .vzt file can lead to arbitrary code execution when a victim opens the malicious file. The vulnerability is specifically tied to the out-of-bounds write when looping over num time ticks.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the autosort functionality in the VZT vzt rd process block until a patch is available. As a temporary workaround, restrict the opening of .vzt files from untrusted sources to minimize the risk of exploitation.