CVE-2023-38622

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 190

Summary

CVE-2023-38622 is a newly disclosed vulnerability affecting GTKWave version 3.3.115. Multiple integer overflow issues were identified in the VZT facgeometry parsing functionality. A maliciously crafted .vzt file can exploit these vulnerabilities, resulting in arbitrary code execution. The integer overflow occurs as the 'len' array is being allocated, posing a significant risk to users who open susceptible files.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sD_pdR
https://www.cve.org/CVERecord?id=CVE-2023-38622
https://nvd.nist.gov/vuln/detail/CVE-2023-38622

Back to Vulnerability Database

CVE-2023-38622

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations