CVE-2023-39274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Apr 9, 2024

CWE ID 190

Summary

CVE-2023-39274 is a critical vulnerability affecting GTKWave 3.3.115. The issue arises from multiple integer overflow vulnerabilities in the LXT2 facgeometry parsing functionality. A maliciously crafted .lxt2 file can lead to arbitrary code execution if opened by a victim. The integer overflow occurs during the allocation of the 'len' array, creating an opportunity for attackers to manipulate the software's memory and execute malicious code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sIDt_P
https://www.cve.org/CVERecord?id=CVE-2023-39274
https://nvd.nist.gov/vuln/detail/CVE-2023-39274

Back to Vulnerability Database

CVE-2023-39274

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations