CVE-2023-37447

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 119

Summary

CVE-2023-37447 is a critical vulnerability affecting GTKWave 3.3.115, where multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality. A maliciously crafted .vcd file can exploit these weaknesses, potentially resulting in arbitrary code execution. Triggering this vulnerability requires opening a specially designed file, posing a significant risk to users who handle .vcd files. The vcd2lxt conversion utility is also implicated in the out-of-bounds write aspect of this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r4-9Ri
https://www.cve.org/CVERecord?id=CVE-2023-37447
https://nvd.nist.gov/vuln/detail/CVE-2023-37447

Back to Vulnerability Database

CVE-2023-37447

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations