Vulnerability CVE-2023-35955


Published: 2024-01-08

Description:
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`.

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1785

Copyright 2026, cxsecurity.com

 

Back to Top