Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Veracode
Veracodeadded 2024/04/01 10:7 p.m.28 views

OS Command Injection

gtkwave is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation in the decompression functionality in the vcd2lxt utility, which allows attackers to execute arbitrary commands by exploiting a specially crafted wave file...

7.8CVSS7.9AI score0.00094EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2024/01/08 3:15 p.m.5 views

CVE-2023-37578

Multiple use-after-free vulnerabilities exist in the VCD getvartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

7.8CVSS7.9AI score
Exploits0References3
OSV
OSVadded 2024/01/08 3:15 p.m.0 views

DEBIAN-CVE-2023-37420

Multiple out-of-bounds write vulnerabilities exist in the VCD parsevaluechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns t...

7.8CVSS9.6AI score0.00089EPSS
Exploits1References1
NVD
NVDadded 2024/01/08 3:15 p.m.16 views

CVE-2023-35964

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS8.1AI score0.00094EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2024/01/08 3:15 p.m.16 views

CVE-2023-35964

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression...

7.8CVSS7.1AI score0.00094EPSS
Exploits1References2
CVE
CVEadded 2024/01/08 2:47 p.m.48 views

CVE-2023-35964

GTKWave 3.3.115 contains decompression flaws in vcd2lxt that can lead to arbitrary code execution when a user opens a crafted wave file. CVE-2023-35964, rated HIGH (CVSS 7.8), requires local access and user interaction. The issue affects GTKWave, with Debian advisories noting fixes in 3.3.118+ (D...

7.8CVSS7.9AI score0.00094EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2024/01/08 2:47 p.m.1 views

CVE-2023-37923

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary...

7.8CVSS8.1AI score0.00068EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2024/01/08 12:0 a.m.2 views

PT-2024-12536 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: The issue concerns decompression in the vcd2lxt utility of GTKWave, where multiple OS command injection vulnerabilities exist. These vulnerabilities can be triggered by a specially crafted wave file,...

7.8CVSS8.4AI score0.00154EPSS
Exploits82References131
Rows per page
Query Builder