CVE-2023-35969

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 119

CWE ID 787

Summary

CVE-2023-35969 is a critical buffer overflow vulnerability affecting GTKWave 3.3.115. Multiple heap-based buffer overflows exist in the fstReaderIterBlocks2 chain_table parsing functionality. A maliciously crafted .fst file can exploit these vulnerabilities, leading to arbitrary code execution. This vulnerability specifically targets the `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types within the chain_table. Successful exploitation requires the victim to open a specially crafted file.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uEpGau
https://www.cve.org/CVERecord?id=CVE-2023-35969
https://nvd.nist.gov/vuln/detail/CVE-2023-35969

Back to Vulnerability Database

CVE-2023-35969

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations