CVE-2023-39414

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description The issue is related to multiple integer underflow vulnerabilities in the LXT2 lxt2 rd iter radix shift operation functionality. A specially crafted .lxt2 file can cause memory corruption. To trigger the issue, a victim would need to open a malicious file. The vulnerability is specifically related to integer underflow when performing the right shift operation.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the lxt2 rd iter radix function with untrusted .lxt2 files until a patch is available. As a temporary workaround, restrict the opening of .lxt2 files from untrusted sources to minimize the risk of exploitation.