CVE-2023-38620

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 190

Summary

CVE-2023-38620 is a critical vulnerability affecting GTKWave 3.3.115. Multiple integer overflow issues have been identified in the VZT facgeometry parsing functionality. A maliciously crafted .vzt file can exploit these vulnerabilities, resulting in arbitrary code execution. The vulnerability arises when the 'lsb' array is allocated, leading to memory corruption and potential exploitation. Users are cautioned to open only trusted files to avoid potential risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sD_pdN
https://www.cve.org/CVERecord?id=CVE-2023-38620
https://nvd.nist.gov/vuln/detail/CVE-2023-38620

Back to Vulnerability Database

CVE-2023-38620

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations