CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
23.1%
Multiple out-of-bounds write vulnerabilities exist in the VCD
parse_valuechange portdump functionality of GTKWave 3.3.115. A specially
crafted .vcd file can lead to arbitrary code execution. A victim would need
to open a malicious file to trigger these vulnerabilities.This
vulnerability concerns the out-of-bounds write when triggered via the
vcd2vzt conversion utility.
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
23.1%