CVE-2023-35004

Name of the Vulnerable Software and Affected Versions GTKWave version 3.3.115

Description An integer overflow vulnerability exists in the VZT longest len value allocation functionality. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this issue. The vulnerability is related to the longest len value allocation functionality and can be exploited by a specially crafted .vzt file, allowing an attacker to execute arbitrary code.

Recommendations For GTKWave version 3.3.115, consider avoiding the use of .vzt files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the VZT file handling functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.