GTKWave is a full-featured, GTK±based waveform viewer from GTKWave. A buffer overflow vulnerability exists in GTKWave version 3.3.115, which stems from a boundary error in the LXT2 lxt2_rd_expand_integer_to_bits function when handling untrusted input, and can be exploited by an attacker to cause arbitrary code execution via a specially crafted .lxt2 file.