CVE-2023-35057

7.8 HIGH

📋 TL;DR

An integer overflow vulnerability in GTKWave's LXT2 file parser allows memory corruption when processing specially crafted .lxt2 files. Attackers can exploit this by tricking users into opening malicious files, potentially leading to arbitrary code execution. Users of GTKWave who open untrusted waveform files are affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 and possibly earlier versions
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process .lxt2 files are vulnerable. The vulnerability is in the core file parsing functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the user running GTKWave, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for code execution.

🟢 If Mitigated

No impact if users only open trusted files or the application is patched.

🌐 Internet-Facing: LOW - GTKWave is typically not an internet-facing service.
🏢 Internal Only: MEDIUM - Risk exists when users open untrusted files from internal sources or email attachments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). Proof-of-concept details are available in the Talos Intelligence report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with distribution maintainers or upstream for patched versions

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1821

Restart Required: No

Instructions:

1. Update GTKWave to a patched version from your distribution's repository.
2. For Debian systems, apply security updates via 'apt update && apt upgrade'.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Restrict file access (platforms: all)

Only open .lxt2 files from trusted sources. Implement file integrity checking for waveform files.

Use alternative formats (platforms: all)

Convert .lxt2 files to other waveform formats (like VCD) before opening in GTKWave.

🧯 If You Can't Patch

  • Run GTKWave with reduced privileges or in a sandboxed environment
  • Implement application whitelisting to prevent execution of malicious code

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version with 'gtkwave --version' or, on Debian systems, 'dpkg -l gtkwave'. If the version is 3.3.115 or earlier, it is likely vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

After updating, verify the version is newer than 3.3.115. Test with known safe .lxt2 files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access errors
  • Unexpected process termination when opening .lxt2 files

Network Indicators:

  • Unusual file downloads followed by GTKWave execution

SIEM Query:

process_name:"gtkwave" AND (event_type:"crash" OR file_extension:".lxt2")
