3256 matches found
CVE-2023-35957
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...
CVE-2023-35957
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...
CVE-2023-35955
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...
CVE-2023-35964
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35955
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...
CVE-2023-35964
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35957
CVE-2023-35957 affects GTKWave prior to 3.3.118 (e.g., 3.3.115) where multiple heap-based buffer overflows exist in the fstReaderIterBlocks2 VCDATA parsing functionality. A victim must open a specially crafted .fst file, triggering the vulnerability in the decompression function uncompress and po...
CVE-2023-35964
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35957
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerabili...
CVE-2023-35962
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35960
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy...
CVE-2023-35960
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy...
CVE-2023-35960
GTKWave 3.3.115 contains multiple OS command injection vulnerabilities in its legacy decompression path (vcd_main). A specially crafted VCD/wave file can lead to arbitrary code execution when opened by a user, local access is required and UI interaction is needed. The issue is documented across m...
CVE-2023-35963
CVE-2023-35963 affects GTKWave (notably the waveform viewer) with multiple OS command injection flaws in the decompression code of the vcd2lxt2 utility when processing crafted wave files. Affected: GTKWave 3.3.115 (Debian/Ubuntu/Debian-LTS advisories cite upgrades to 3.3.118 or similar for bullse...
CVE-2023-35963
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35959
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns .ghw...
CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35961
CVE-2023-35961 affects GTKWave’s decompression path (vcd_recorder_main) and allows multiple OS command injections when a malformed VCD/Wave file is opened. The advisory chain confirms GTKWave 3.3.115 is vulnerable and lists fixes in upstream upgrades, with Debian/DSA-5653 and DLA-3785 advising to...
CVE-2023-35961
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...
CVE-2023-35959
CVE-2023-35959 affects GTKWave (waveform viewer); multiple OS command injection vulnerabilities exist in the .ghw decompression path. An attacker could achieve arbitrary command execution by the user opening a specially crafted .ghw file; local attacker would need to run GTKWave with the affected...