nessus: DEBIAN_DSA-5653.NASL
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Apr 03, 2024 - 12:00 a.m.

Debian dsa-5653 : gtkwave - security update

debian; gtkwave; security update; integer overflow; array index validation; out-of-bounds write; buffer overflow; memory corruption; arbitrary code execution; cve-2023-32650; cve-2023-34087; cve-2023-34436; cve-2023-35004; cve-2023-35057; cve-2023-35128; cve-2023-35702; cve-2023-35703; cve-2023-35704; cve-2023-35955; cve-2023-35956

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.9%)

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory.

  • An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-32650)

  • An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-34087)

  • An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-34436)

  • An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35004)

  • An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35057)

  • An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35128)

  • Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32 function. (CVE-2023-35702)

  • Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint64 function. (CVE-2023-35703)

  • Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32WithSkip function. (CVE-2023-35704)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function LZ4_decompress_safe_partial. (CVE-2023-35955)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function fastlz_decompress. (CVE-2023-35956)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function uncompress. (CVE-2023-35957)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the copy function fstFread. (CVE-2023-35958)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns .ghw decompression. (CVE-2023-35959)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns legacy decompression in vcd_main. (CVE-2023-35960)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in vcd_recorder_main. (CVE-2023-35961)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the vcd2vzt utility. (CVE-2023-35962)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the vcd2lxt2 utility. (CVE-2023-35963)

  • Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the vcd2lxt utility. (CVE-2023-35964)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of FST_BL_VCDATA and FST_BL_VCDATA_DYN_ALIAS section types. (CVE-2023-35969)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of the FST_BL_VCDATA_DYN_ALIAS2 section type. (CVE-2023-35970)

  • An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35989)

  • An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35992)

  • Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta initialization part. (CVE-2023-35994)

  • Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 1. (CVE-2023-35995)

  • Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 0. (CVE-2023-35996)

  • Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. (CVE-2023-35997)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of len in fstWritex when parsing the time table. (CVE-2023-36746)

  • Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of len in fstWritex when beg_time does not match the start of the time table. (CVE-2023-36747)

  • An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-36861)

  • An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-36864)

  • Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the chain_table array. (CVE-2023-36915)

  • Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the chain_table_lengths array. (CVE-2023-36916)

  • An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-37282)

  • Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI’s legacy VCD parsing code. (CVE-2023-37416)

  • Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI’s interactive VCD parsing code. (CVE-2023-37417)

  • Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. (CVE-2023-37418)

  • Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37419)

  • Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. (CVE-2023-37420)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI’s default VCD parsing code. (CVE-2023-37442)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI’s legacy VCD parsing code. (CVE-2023-37443)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI’s interactive VCD parsing code. (CVE-2023-37444)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. (CVE-2023-37445)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37446)

  • Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. (CVE-2023-37447)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI’s recoder (default) VCD parsing code. (CVE-2023-37573)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI’s legacy VCD parsing code. (CVE-2023-37574)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI’s interactive VCD parsing code. (CVE-2023-37575)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility. (CVE-2023-37576)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37577)

  • Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility. (CVE-2023-37578)

  • Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. (CVE-2023-37921)

  • Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37922)

  • Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. (CVE-2023-37923)

  • A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-38583)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the rows array. (CVE-2023-38618)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the msb array. (CVE-2023-38619)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the lsb array. (CVE-2023-38620)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the flags array. (CVE-2023-38621)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the len array. (CVE-2023-38622)

  • Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the vindex_offset array. (CVE-2023-38623)

  • Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop. (CVE-2023-38648)

  • Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop. (CVE-2023-38649)

  • Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero. (CVE-2023-38650)

  • Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero. (CVE-2023-38651)

  • Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero. (CVE-2023-38652)

  • Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero. (CVE-2023-38653)

  • An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-38657)

  • Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over lt->numrealfacs. (CVE-2023-39234)

  • Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over lt->num_time_ticks. (CVE-2023-39235)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the rows array. (CVE-2023-39270)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the msb array. (CVE-2023-39271)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the lsb array. (CVE-2023-39272)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the flags array. (CVE-2023-39273)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the len array. (CVE-2023-39274)

  • Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the value array. (CVE-2023-39275)

  • Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the string_pointers array. (CVE-2023-39316)

  • Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the string_lens array. (CVE-2023-39317)

  • Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the left shift operation. (CVE-2023-39413)

  • Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the right shift operation. (CVE-2023-39414)

  • Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop. (CVE-2023-39443)

  • Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop. (CVE-2023-39444)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5653. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(192900);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");

  script_cve_id(
    "CVE-2023-32650",
    "CVE-2023-34087",
    "CVE-2023-34436",
    "CVE-2023-35004",
    "CVE-2023-35057",
    "CVE-2023-35128",
    "CVE-2023-35702",
    "CVE-2023-35703",
    "CVE-2023-35704",
    "CVE-2023-35955",
    "CVE-2023-35956",
    "CVE-2023-35957",
    "CVE-2023-35958",
    "CVE-2023-35959",
    "CVE-2023-35960",
    "CVE-2023-35961",
    "CVE-2023-35962",
    "CVE-2023-35963",
    "CVE-2023-35964",
    "CVE-2023-35969",
    "CVE-2023-35970",
    "CVE-2023-35989",
    "CVE-2023-35992",
    "CVE-2023-35994",
    "CVE-2023-35995",
    "CVE-2023-35996",
    "CVE-2023-35997",
    "CVE-2023-36746",
    "CVE-2023-36747",
    "CVE-2023-36861",
    "CVE-2023-36864",
    "CVE-2023-36915",
    "CVE-2023-36916",
    "CVE-2023-37282",
    "CVE-2023-37416",
    "CVE-2023-37417",
    "CVE-2023-37418",
    "CVE-2023-37419",
    "CVE-2023-37420",
    "CVE-2023-37442",
    "CVE-2023-37443",
    "CVE-2023-37444",
    "CVE-2023-37445",
    "CVE-2023-37446",
    "CVE-2023-37447",
    "CVE-2023-37573",
    "CVE-2023-37574",
    "CVE-2023-37575",
    "CVE-2023-37576",
    "CVE-2023-37577",
    "CVE-2023-37578",
    "CVE-2023-37921",
    "CVE-2023-37922",
    "CVE-2023-37923",
    "CVE-2023-38583",
    "CVE-2023-38618",
    "CVE-2023-38619",
    "CVE-2023-38620",
    "CVE-2023-38621",
    "CVE-2023-38622",
    "CVE-2023-38623",
    "CVE-2023-38648",
    "CVE-2023-38649",
    "CVE-2023-38650",
    "CVE-2023-38651",
    "CVE-2023-38652",
    "CVE-2023-38653",
    "CVE-2023-38657",
    "CVE-2023-39234",
    "CVE-2023-39235",
    "CVE-2023-39270",
    "CVE-2023-39271",
    "CVE-2023-39272",
    "CVE-2023-39273",
    "CVE-2023-39274",
    "CVE-2023-39275",
    "CVE-2023-39316",
    "CVE-2023-39317",
    "CVE-2023-39413",
    "CVE-2023-39414",
    "CVE-2023-39443",
    "CVE-2023-39444"
  );

  script_name(english:"Debian dsa-5653 : gtkwave - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the
dsa-5653 advisory.

  - An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave
    3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A
    victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-32650)

  - An improper array index validation vulnerability exists in the EVCD var len parsing functionality of
    GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger this vulnerability. (CVE-2023-34087)

  - An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger this vulnerability. (CVE-2023-34436)

  - An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger this vulnerability. (CVE-2023-35004)

  - An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality
    of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to
    open a malicious file to trigger this vulnerability. (CVE-2023-35057)

  - An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality
    of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to
    open a malicious file to trigger this vulnerability. (CVE-2023-35128)

  - Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
    GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    fstReaderVarint32 function. (CVE-2023-35702)

  - Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
    GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    fstReaderVarint64 function. (CVE-2023-35703)

  - Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
    GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    fstReaderVarint32WithSkip function. (CVE-2023-35704)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
    functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the decompression function `LZ4_decompress_safe_partial`. (CVE-2023-35955)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
    functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the decompression function `fastlz_decompress`. (CVE-2023-35956)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
    functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the decompression function `uncompress`. (CVE-2023-35957)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
    functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the copy function `fstFread`. (CVE-2023-35958)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression.
    (CVE-2023-35959)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in
    `vcd_main`. (CVE-2023-35960)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in
    `vcd_recorder_main`. (CVE-2023-35961)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt`
    utility. (CVE-2023-35962)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the
    `vcd2lxt2` utility. (CVE-2023-35963)

  - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
    A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt`
    utility. (CVE-2023-35964)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. (CVE-2023-35969)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. (CVE-2023-35970)

  - An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger this vulnerability. (CVE-2023-35989)

  - An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of
    GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory
    corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35992)

  - Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the tdelta initialization part. (CVE-2023-35994)

  - Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the tdelta indexing when signal_lens is 1. (CVE-2023-35995)

  - Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the tdelta indexing when signal_lens is 0. (CVE-2023-35996)

  - Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the tdelta indexing when signal_lens is 2 or more. (CVE-2023-35997)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    handling of `len` in `fstWritex` when parsing the time table. (CVE-2023-36746)

  - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table.
    (CVE-2023-36747)

  - An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115.
    A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger this vulnerability. (CVE-2023-36861)

  - An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-36864)

  - Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the allocation of the `chain_table` array. (CVE-2023-36915)

  - Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation
    functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the allocation of the `chain_table_lengths` array. (CVE-2023-36916)

  - An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger this vulnerability. (CVE-2023-37282)

  - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the GUI's legacy VCD parsing code. (CVE-2023-37416)

  - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the GUI's interactive VCD parsing code. (CVE-2023-37417)

  - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2vzt conversion utility. (CVE-2023-37418)

  - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37419)

  - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2lxt conversion utility. (CVE-2023-37420)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    read when triggered via the GUI's default VCD parsing code. (CVE-2023-37442)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    read when triggered via the GUI's legacy VCD parsing code. (CVE-2023-37443)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    read when triggered via the GUI's interactive VCD parsing code. (CVE-2023-37444)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2vzt conversion utility. (CVE-2023-37445)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37446)

  - Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
    GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds
    write when triggered via the vcd2lxt conversion utility. (CVE-2023-37447)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the GUI's recoder (default) VCD parsing code. (CVE-2023-37573)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the GUI's legacy VCD parsing code. (CVE-2023-37574)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the GUI's interactive VCD parsing code. (CVE-2023-37575)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the vcd2vzt conversion utility. (CVE-2023-37576)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the vcd2lxt2 conversion utility. (CVE-2023-37577)

  - Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave
    3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when
    triggered via the vcd2lxt conversion utility. (CVE-2023-37578)

  - Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
    A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when
    triggered via the vcd2vzt conversion utility. (CVE-2023-37921)

  - Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
    A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when
    triggered via the vcd2lxt2 conversion utility. (CVE-2023-37922)

  - Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
    A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when
    triggered via the vcd2lxt conversion utility. (CVE-2023-37923)

  - A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of
    GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need
    to open a malicious file to trigger this vulnerability. (CVE-2023-38583)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `rows` array. (CVE-2023-38618)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `msb` array. (CVE-2023-38619)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `lsb` array. (CVE-2023-38620)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `flags` array. (CVE-2023-38621)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `len` array. (CVE-2023-38622)

  - Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a
    malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `vindex_offset` array. (CVE-2023-38623)

  - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the out-of-bounds write perfomed by the prefix copy loop. (CVE-2023-38648)

  - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A
    victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns
    the out-of-bounds write perfomed by the string copy loop. (CVE-2023-38649)

  - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer overflow when num_time_ticks is not zero. (CVE-2023-38650)

  - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer overflow when num_time_ticks is zero. (CVE-2023-38651)

  - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer overflow when num_time_ticks is not zero. (CVE-2023-38652)

  - Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing
    functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer overflow when num_time_ticks is zero. (CVE-2023-38653)

  - An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger this vulnerability. (CVE-2023-38657)

  - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality
    of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would
    need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-
    bounds write when looping over `lt->numrealfacs`. (CVE-2023-39234)

  - Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality
    of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would
    need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-
    bounds write when looping over `lt->num_time_ticks`. (CVE-2023-39235)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `rows` array. (CVE-2023-39270)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `msb` array. (CVE-2023-39271)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `lsb` array. (CVE-2023-39272)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `flags` array. (CVE-2023-39273)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `len` array. (CVE-2023-39274)

  - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `value` array. (CVE-2023-39275)

  - Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `string_pointers` array. (CVE-2023-39316)

  - Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave
    3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open
    a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when
    allocating the `string_lens` array. (CVE-2023-39317)

  - Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation
    functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer underflow when performing the left shift operation. (CVE-2023-39413)

  - Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation
    functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim
    would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the
    integer underflow when performing the right shift operation. (CVE-2023-39414)

  - Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A
    specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious
    file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the
    prefix copy loop. (CVE-2023-39443)

  - Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A
    specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious
    file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the
    string copy loop. (CVE-2023-39444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/gtkwave");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-32650");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-34087");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-34436");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35004");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35057");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35128");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35702");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35703");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35704");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35955");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35956");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35957");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35958");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35959");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35960");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35961");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35962");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35963");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35964");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35969");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35970");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35989");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35992");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35994");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35995");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35996");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-35997");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36746");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36747");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36861");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36864");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36915");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-36916");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37282");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37416");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37417");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37418");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37419");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37420");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37442");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37443");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37444");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37445");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37446");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37447");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37573");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37574");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37575");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37576");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37577");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37578");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37921");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37922");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-37923");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38583");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38618");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38619");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38620");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38621");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38622");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38623");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38648");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38649");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38650");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38651");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38652");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38653");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38657");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39234");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39235");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39270");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39271");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39272");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39273");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39274");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39275");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39316");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39317");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39413");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39414");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39443");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-39444");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/gtkwave");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/gtkwave");
  script_set_attribute(attribute:"solution", value:
"Upgrade the gtkwave packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-39444");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gtkwave");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'gtkwave', 'reference': '3.3.104+really3.3.118-0+deb11u1'},
    {'release': '12.0', 'prefix': 'gtkwave', 'reference': '3.3.118-0.1~deb12u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gtkwave');
}

Vendor    Product         Version    CPE
debian    debian_linux    11.0       cpe:/o:debian:debian_linux:11.0
debian    debian_linux    gtkwave    p-cpe:/a:debian:debian_linux:gtkwave
debian    debian_linux    12.0       cpe:/o:debian:debian_linux:12.0
