CVE-2023-39271

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer overflow vulnerabilities in the LXT2 facgeometry parsing functionality. A specially crafted .lxt2 file can lead to arbitrary code execution when opened by a victim. The vulnerability specifically concerns integer overflow when allocating the msb array.

Recommendations For GTKWave version 3.3.115, avoid opening untrusted .lxt2 files until a fix is available. As a temporary workaround, consider restricting access to the LXT2 facgeometry parsing functionality to minimize the risk of exploitation.