CVE-2023-39273

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer overflow vulnerabilities in the LXT2 facgeometry parsing functionality. A specially crafted .lxt2 file can lead to arbitrary code execution. This can be triggered when a victim opens a malicious file. The vulnerability specifically concerns an integer overflow when allocating the flags array.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .lxt2 files from untrusted sources until a fix is available. As a temporary workaround, restrict the ability to open .lxt2 files to minimize the risk of exploitation.