Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html | |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2024-01-08T14:47:50.434Z
Updated: 2024-01-08T18:00:17.811Z
Reserved: 2023-07-10T20:24:12.661Z
Link: CVE-2023-37921
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-08T15:15:18.610
Modified: 2024-04-09T21:15:12.990
Link: CVE-2023-37921
JSON object: View
Redhat Information
No data.
CWE