CVE-2023-35992

Severity: 7.0 HIGH

📋 TL;DR

An integer overflow vulnerability in GTKWave's FST file parser allows memory corruption when processing malicious .fst files. This affects users who open untrusted waveform files with vulnerable 32-bit GTKWave binaries. Attackers could potentially execute arbitrary code or crash the application.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115 and potentially earlier versions
Operating Systems: Linux, Windows, macOS (when compiled as 32-bit)
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects 32-bit compiled binaries. 64-bit versions may be less susceptible but should still be patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise when a user opens a malicious .fst file.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: No impact if users only open trusted files or use patched versions.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly network exploitable.
🏢 Internal Only: MEDIUM - Internal users could be targeted via social engineering with malicious files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Proof-of-concept details are available in the Talos advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updated version (Debian patches available)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Update GTKWave through your package manager (apt update && apt upgrade gtkwave).
2. Or compile from patched source.
3. Verify that the installed version is later than 3.3.115.

🔧 Temporary Workarounds

Use 64-bit binary (applies to: all platforms)

Switch to 64-bit compiled GTKWave if available, as the integer overflow may be less exploitable there.

Check binary: file $(which gtkwave) | grep '64-bit'

Restrict file access (applies to: all platforms)

Limit GTKWave to opening only trusted .fst files from known sources.

🧯 If You Can't Patch

  • Isolate GTKWave usage to dedicated systems with no sensitive data
  • Implement application whitelisting to prevent execution of malicious payloads

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version: gtkwave --version. If the version is 3.3.115 or earlier and the binary is 32-bit, it is vulnerable.

Check Version:

gtkwave --version 2>/dev/null || dpkg -l | grep gtkwave || rpm -q gtkwave

Verify Fix Applied:

Verify updated version and test with known safe .fst files to ensure functionality.
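The two checks above (version at or below 3.3.115, and a 32-bit build) combined into one POSIX shell script. This is an added example, not part of the advisory or of the GTKWave project; it assumes that gtkwave --version prints a "vN.N.N" token (the exact output format is an assumption) and that the file utility is installed. The comparison and bitness logic are separate functions so they can be exercised without GTKWave present.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed GTKWave
# matches the affected profile, i.e. version <= 3.3.115 AND a 32-bit binary.

# version_le A B : return 0 if dotted version A <= B, comparing component by
# component numerically; a non-numeric suffix such as "-1" is ignored.
version_le() {
    a="$1"; b="$2"
    i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        [ -z "$x" ] && [ -z "$y" ] && return 0   # ran out of components: equal
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# affected_version VER : print "yes" if VER is 3.3.115 or earlier, else "no"
affected_version() {
    if version_le "$1" "3.3.115"; then echo yes; else echo no; fi
}

# binary_bits FILE_OUTPUT : given one line of `file` output, print 32, 64 or unknown
binary_bits() {
    case "$1" in
        *64-bit*) echo 64 ;;
        *32-bit*) echo 32 ;;
        *)        echo unknown ;;
    esac
}

# assess VER FILE_OUTPUT : combine both checks into a one-line verdict
assess() {
    v=$(affected_version "$1")
    b=$(binary_bits "$2")
    if [ "$v" = yes ] && [ "$b" = 32 ]; then
        echo "VULNERABLE: GTKWave $1 is a 32-bit build at or below 3.3.115"
    elif [ "$v" = yes ]; then
        echo "PATCH ADVISED: GTKWave $1 is at or below 3.3.115 ($b-bit build)"
    else
        echo "OK: GTKWave $1 is newer than 3.3.115"
    fi
}

# check_installed : run the assessment against the gtkwave found on PATH.
# Assumes `gtkwave --version` contains a token like "v3.3.115" (format assumed).
check_installed() {
    bin=$(command -v gtkwave) || { echo "gtkwave not found on PATH"; return 0; }
    ver=$("$bin" --version 2>/dev/null | sed -n 's/.*v\([0-9][0-9.]*\).*/\1/p' | head -n1)
    [ -z "$ver" ] && { echo "could not parse gtkwave --version output"; return 0; }
    assess "$ver" "$(file -L "$bin" 2>/dev/null)"
}

check_installed
```

The version comparison is numeric per component, so 3.3.9 correctly sorts below 3.3.115 (a plain string comparison would get this wrong). A 64-bit build at or below 3.3.115 is reported as "PATCH ADVISED" rather than "OK", matching the note above that 64-bit binaries should still be updated.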

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs
  • Segmentation fault errors in system logs

Network Indicators:

  • Unusual .fst file downloads from untrusted sources

SIEM Query:

Process:gtkwave AND (EventID:1000 OR Signal:SIGSEGV)
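A concrete form of the "Segmentation fault errors in system logs" indicator listed above, as an added example that is not part of the advisory: a POSIX shell filter that pulls the Linux kernel's segfault message for the gtkwave process out of syslog-style lines. The sample log lines are constructed for illustration; the kernel message layout ("<proc>[<pid>]: segfault at <addr> ip ... sp ... error <n> in <obj>") is the real one, but hostnames, PIDs and addresses below are made up.

```shell
#!/bin/sh
# Added example (not from the advisory): extract gtkwave segfault events from
# system-log lines on stdin, ignoring other processes and unrelated messages.

# gtkwave_segfaults : print "<timestamp> <host> pid=<pid> fault_addr=<addr>"
# for every line that is a kernel segfault report for a gtkwave process.
gtkwave_segfaults() {
    sed -n 's/^\(.*\) kernel: gtkwave\[\([0-9]*\)\]: segfault at \([0-9a-f]*\).*/\1 pid=\2 fault_addr=\3/p'
}

# count_gtkwave_segfaults : number of matching events on stdin
count_gtkwave_segfaults() {
    gtkwave_segfaults | wc -l | tr -d ' '
}

# Constructed sample: two gtkwave segfaults, one unrelated segfault, one
# non-kernel line. Hostname, PIDs and addresses are made up.
SAMPLE_LOG='Apr 10 09:12:01 ws1 kernel: gtkwave[4321]: segfault at 0 ip 00000000f7e1a2b0 sp 00000000ffb3c4d0 error 4 in libc.so.6[f7d80000+1c0000]
Apr 10 09:12:05 ws1 kernel: firefox[777]: segfault at 8 ip 00007f0000001000 sp 00007ffd00000000 error 4 in libxul.so[7f0000000000+5000000]
Apr 10 09:14:22 ws1 kernel: gtkwave[4388]: segfault at ffffff00 ip 00000000f7e1a2b0 sp 00000000ffb3c4d0 error 6 in gtkwave[8048000+2a0000]
Apr 10 09:15:00 ws1 systemd[1]: Started Session 3 of user alice.'

# Run over the constructed sample; on a real host pipe in e.g. journalctl -k
# or /var/log/kern.log instead.
printf '%s\n' "$SAMPLE_LOG" | gtkwave_segfaults
echo "gtkwave segfaults: $(printf '%s\n' "$SAMPLE_LOG" | count_gtkwave_segfaults)"
```

A burst of such events on a workstation, especially shortly after a waveform file arrived from outside, is worth correlating with the file's origin; a single crash on its own is not distinguishable from an ordinary bug.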
