CVE-2023-32650

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description An integer overflow vulnerability exists in the FST BL GEOM parsing maxhandle functionality of GTKWave. This vulnerability can be triggered by a specially crafted .fst file, leading to memory corruption. A victim would need to open a malicious file to exploit this issue. The vulnerability is related to pointer dereference errors and can potentially allow an attacker to execute arbitrary code.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of the FST BL GEOM parsing functionality until a patch is available. As a temporary workaround, restrict the opening of .fst files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.