CVE-2023-37417

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024
Updated: Apr 9, 2024
CWE ID 787

Summary

CVE-2023-37417 is a high-severity vulnerability affecting GTKWave 3.3.115. It covers multiple out-of-bounds write vulnerabilities in the parse_valuechange functionality of the VCD (Value Change Dump) portdump feature. A maliciously crafted .vcd file can trigger these writes and lead to arbitrary code execution. The threat is significant because a victim need only open a malicious file to trigger the vulnerability, which is reached when the file is parsed through the software's graphical user interface (GUI).
