Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html | |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806 | Exploit Third Party Advisory |
Configurations
History
09 Apr 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-08 15:15
Updated : 2024-04-09 21:15
NVD link : CVE-2023-37573
Mitre link : CVE-2023-37573
CVE.ORG link : CVE-2023-37573
JSON object : View
Products Affected
tonybybell
- gtkwave
CWE
CWE-416
Use After Free