CVE-2023-35989

An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822 - Exploit, Third Party Advisory

09 Apr 2024, 21:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html -

16 Jan 2024, 16:29

Type Values Removed Values Added
First Time Tonybybell gtkwave
Tonybybell
CPE cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:* cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*

10 Jan 2024, 01:18

Type Values Removed Values Added
First Time Gtkwave
Gtkwave gtkwave
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822 - Exploit, Third Party Advisory
CPE cpe:2.3:a:gtkwave:gtkwave:3.3.115:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad de asignación de bloques zlib LXT2 de GTKWave 3.3.115. Un archivo .lxt2 especialmente manipulado puede provocar la ejecución de código arbitrario. Una víctima necesitaría abrir un archivo malicioso para activar esta vulnerabilidad.

08 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1822', 'source': 'talos-cna@cisco.com'}

08 Jan 2024, 15:27

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-08 15:15

Updated : 2024-11-21 08:09


NVD link : CVE-2023-35989

Mitre link : CVE-2023-35989

CVE.ORG link : CVE-2023-35989


JSON object : View

Products Affected

tonybybell

  • gtkwave
CWE
CWE-190

Integer Overflow or Wraparound