Risk | High |
Patch available | YES |
Number of vulnerabilities | 82 |
CVE-ID | CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 CVE-2023-39443 CVE-2023-39444 |
CWE-ID | CWE-190 CWE-129 CWE-787 CWE-121 CWE-122 CWE-78 CWE-125 CWE-416 CWE-119 CWE-191 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Debian Linux (Operating systems & Components / Operating system); gtkwave (Debian package) (Operating systems & Components / Operating system package or component) |
Vendor | Debian |
Security Bulletin
This security bulletin contains information about 82 vulnerabilities.
EUVDB-ID: #VU85157
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32650
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the FST_BL_GEOM parsing maxhandle functionality when compiled as a 32-bit binary. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85120
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34087
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the EVCD var len parsing functionality. A remote attacker can create a specially crafted .evcd file, trick the victim into opening it using the affected software, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85095
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34436
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the LXT2 num_time_table_entries functionality. A remote attacker can create a specially crafted .lxt2 file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85109
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35004
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT longest_len value allocation functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85087
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35057
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 lxt2_rd_trace value elements allocation functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85126
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35128
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the fstReaderIterBlocks2 time_table tsec_nitems functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85122
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35702
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the FST LEB128 varint functionality. A remote unauthenticated attacker can trick the victim into opening a specially crafted .fst file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85123
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35703
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the FST LEB128 varint functionality. A remote unauthenticated attacker can trick the victim into opening a specially crafted .fst file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85121
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35704
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the FST LEB128 varint functionality. A remote unauthenticated attacker can trick the victim into opening a specially crafted .fst file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85142
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35955
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 VCDATA parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85140
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35956
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 VCDATA parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85139
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35957
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 VCDATA parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85141
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35958
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 VCDATA parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85118
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35959
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85114
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35960
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85117
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35961
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85116
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35962
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85119
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35963
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85115
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35964
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the decompression functionality. A remote attacker can trick the victim into opening a specially crafted wave file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85124
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35969
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 chain_table parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85125
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35970
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 chain_table parsing functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85096
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35989
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 zlib block allocation functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85143
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35992
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the FST fstReaderIterBlocks2 vesc allocation functionality when compiled as a 32-bit binary. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85091
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35994
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 tdelta functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85089
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35995
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 tdelta functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85090
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35996
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 tdelta functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85088
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35997
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 tdelta functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85138
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36746
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 fstWritex len functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85137
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36747
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the fstReaderIterBlocks2 fstWritex len functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85162
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36861
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VZT LZMA_read_varint functionality. A remote attacker can create a specially crafted .vzt file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85092
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36864
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85158
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36915
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the FST fstReaderIterBlocks2 chain_table allocation functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85159
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36916
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the FST fstReaderIterBlocks2 chain_table allocation functionality. A remote attacker can trick the victim into opening a specially crafted .fst file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85110
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37282
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VZT LZMA_Read dmem extraction functionality. A remote attacker can create a specially crafted .vzt file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85149
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37416
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VCD parse_valuechange portdump functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85150
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37417
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VCD parse_valuechange portdump functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85148
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37418
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VCD parse_valuechange portdump functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85146
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37419
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VCD parse_valuechange portdump functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85147
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37420
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VCD parse_valuechange portdump functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85071
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37442
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the VCD GUI recoder. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85073
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37443
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in VCD GUI legacy. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85072
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37444
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in VCD GUI interactive. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85070
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37445
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary condition in the vcd2vzt conversion utility. A remote attacker can pass a specially crafted .vcd file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85075
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37446
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vcd2lxt2 conversion utility. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85074
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37447
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vcd2lxt conversion utility. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85151
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37573
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85156
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37574
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85152
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37575
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85155
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85154
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37577
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85153
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37578
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the VCD get_vartoken realloc functionality. A remote attacker can trick the victim into opening a specially crafted .vcd file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85106
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37921
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the VCD sorted bsearch functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85107
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37922
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the VCD sorted bsearch functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85108
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37923
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the VCD sorted bsearch functionality. A remote attacker can create a specially crafted .vcd file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85099
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38583
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the LXT2 lxt2_rd_expand_integer_to_bits function. A remote unauthenticated attacker can trick the victim into opening a specially crafted .lxt2 file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85102
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38618
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85104
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38619
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85103
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38620
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85101
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38621
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85100
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38622
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85105
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38623
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85112
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38648
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VZT vzt_rd_get_facname decompression functionality. A remote attacker can create a specially crafted .vzt file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85111
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38649
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the VZT vzt_rd_get_facname decompression functionality. A remote attacker can create a specially crafted .vzt file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85163
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38650
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT vzt_rd_block_vch_decode times parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85164
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38651
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT vzt_rd_block_vch_decode times parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85161
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38652
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT vzt_rd_block_vch_decode dict parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85160
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38653
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the VZT vzt_rd_block_vch_decode dict parsing functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85086
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38657
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the LXT2 zlib block decompression functionality. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85094
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39234
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the VZT vzt_rd_process_block autosort functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85093
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39235
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the VZT vzt_rd_process_block autosort functionality. A remote attacker can trick the victim into opening a specially crafted .vzt file, trigger an array index error and execute arbitrary code on the system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85134
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39270
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85129
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39271
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85131
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39272
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85132
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39273
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85133
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39274
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85130
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39275
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 facgeometry parsing functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85144
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39316
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 num_dict_entries functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85145
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39317
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the LXT2 num_dict_entries functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85097
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39413
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer underflow in the LXT2 lxt2_rd_iter_radix shift operation functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85098
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39414
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer underflow in the LXT2 lxt2_rd_iter_radix shift operation functionality. A remote attacker can trick the victim into opening a specially crafted .lxt2 file, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85085
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39443
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the string copy loop during LXT2 lxt2_rd_get_facname decompression. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85084
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39444
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the prefix copy loop during LXT2 lxt2_rd_get_facname decompression. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the gtkwave package to one of the following versions: 3.3.104+really3.3.118-0+deb11u1, 3.3.118-0.1~deb12u1.
Vulnerable software versions
Debian Linux: All versions
gtkwave (Debian package): before 3.3.104+really3.3.118-0+deb11u1
CPE2.3
http://lists.debian.org/debian-security-announce/2024/msg00061.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.