CVE-2023-39413

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer underflow vulnerabilities in the LXT2 lxt2 rd iter radix shift operation functionality. A specially crafted .lxt2 file can cause memory corruption. To trigger the issue, a victim would need to open a malicious file. The vulnerability is specifically related to integer underflow when performing the left shift operation.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .lxt2 files from untrusted sources until a fix is available. As a temporary workaround, restrict the opening of .lxt2 files to minimize the risk of exploitation.