CVE-2023-37923
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/01/2024
Last modified:
09/04/2024
Description
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page