CVE-2023-35961

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 78

Summary

CVE-2023-35961 is a critical vulnerability affecting GTKWave 3.3.115, where multiple OS command injection flaws have been discovered in its decompression functionality. A maliciously crafted VCD (Values Change Dump) file triggers these vulnerabilities, potentially leading to arbitrary command execution. This issue lies within the `vcd_recorder_main` component of GTKWave. A victim must open a malicious file to exploit these vulnerabilities, posing a significant threat to users who handle untrusted data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEpGaq
https://www.cve.org/CVERecord?id=CVE-2023-35961
https://nvd.nist.gov/vuln/detail/CVE-2023-35961

Back to Vulnerability Database

CVE-2023-35961

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations