CVE-2023-37418

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 787

Summary

CVE-2023-37418 is a critical vulnerability affecting GTKWave 3.3.115. Multiple out-of-bounds write issues are identified in the VCD parse_valuechange portdump functionality, which can be exploited through a specially crafted .vcd file. Successful exploitation results in arbitrary code execution. The vulnerability poses a risk particularly during the vcd2vzt conversion process. A victim must open a malicious file to trigger these vulnerabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r447Qd
https://www.cve.org/CVERecord?id=CVE-2023-37418
https://nvd.nist.gov/vuln/detail/CVE-2023-37418

Back to Vulnerability Database

CVE-2023-37418

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations