CVE-2023-35957

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 119

Summary

CVE-2023-35957 is a buffer overflow vulnerability affecting GTKWave 3.3.115's fstReaderIterBlocks2 VCDATA parsing functionality. Multiple heap-based buffer overflows can be exploited using a maliciously crafted .fst file, leading to arbitrary code execution. The vulnerability stems from a flaw in the decompression function `uncompress`. A victim must open a malicious file to trigger these vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEpLR1
https://www.cve.org/CVERecord?id=CVE-2023-35957
https://nvd.nist.gov/vuln/detail/CVE-2023-35957

Back to Vulnerability Database

CVE-2023-35957

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations