CVE-2023-35962

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 78

Summary

CVE-2023-35962 refers to multiple OS command injection vulnerabilities discovered in the decompression functionality of GTKWave 3.3.115. A maliciously crafted wave file can exploit these vulnerabilities, resulting in arbitrary command execution. The `vcd2vzt` utility's decompression process is the source of this issue. A victim would be at risk if they open a malicious file with this software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEpMug
https://www.cve.org/CVERecord?id=CVE-2023-35962
https://nvd.nist.gov/vuln/detail/CVE-2023-35962

Back to Vulnerability Database

CVE-2023-35962

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations