CVE-2023-37577

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 416

Summary

CVE-2023-37577 is a use-after-free vulnerability affecting GTKWave 3.3.115. Multiple instances of this issue exist in the VCD get_vartoken realloc functionality. A maliciously crafted .vcd file can exploit these vulnerabilities, leading to arbitrary code execution. Triggering these vulnerabilities requires opening a specially designed file with the vcd2lxt2 conversion utility. This flaw poses a significant risk to users who handle .vcd files, potentially allowing attackers to execute malicious code on their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r6Xjvl
https://www.cve.org/CVERecord?id=CVE-2023-37577
https://nvd.nist.gov/vuln/detail/CVE-2023-37577

Back to Vulnerability Database

CVE-2023-37577

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations