CVE-2023-36747

7.0 HIGH

📋 TL;DR

CVE-2023-36747 is a heap-based buffer overflow vulnerability in GTKWave's FST file parser. Attackers can exploit this by tricking users into opening malicious .fst files, potentially leading to arbitrary code execution. Users of GTKWave for electronic design automation waveform analysis are primarily affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 and potentially earlier versions
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process .fst files are vulnerable by default. The vulnerability is triggered during file parsing.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the GTKWave process, potentially leading to full system compromise if GTKWave runs with elevated privileges.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: Application crash with no further impact if proper sandboxing or privilege separation is implemented.

🌐 Internet-Facing: LOW - GTKWave is typically not an internet-facing service; exploitation requires user interaction to open malicious files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but exploitation requires user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Public proof-of-concept exists in vulnerability reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.3.118 or later

Vendor Advisory: https://sourceforge.net/p/gtkwave/bugs/43/

Restart Required: No

Instructions:

1. Download the latest GTKWave from the official source.
2. Uninstall the old version.
3. Install the patched version.
4. Verify the installation with a version check.

🔧 Temporary Workarounds

Restrict .fst file handling (all platforms): Configure the system to open .fst files with alternative software, or restrict execution of GTKWave.

User awareness training (all platforms): Train users to only open .fst files from trusted sources.

🧯 If You Can't Patch

  • Run GTKWave in sandboxed environment with minimal privileges
  • Implement application whitelisting to prevent unauthorized GTKWave execution

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version with 'gtkwave --version', or examine the installed package version.

Check Version:

gtkwave --version

Verify Fix Applied:

Confirm the version is 3.3.118 or higher. The pattern must accept 3.3.118, 3.3.119, 3.3.120 and later 3.3.x builds, and any 3.4+ or 4.x release, while rejecting older 3.3.x builds (a loose pattern such as 3.3.[2-9] would wrongly match 3.3.2 through 3.3.9):

gtkwave --version | grep -Eq '3\.3\.1(1[89]|[2-9][0-9])|3\.3\.[2-9][0-9]{2}|3\.([4-9]|[1-9][0-9])\.|(^|[^0-9.])[4-9]\.'
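The version check above is easy to get wrong with a regex, so the following added example (not part of this advisory) compares the dotted version numerically against the fixed release 3.3.118. The sample --version lines are constructed; real GTKWave output may differ in wording but contains the dotted version.

```shell
#!/bin/sh
# Added example: numeric comparison of an installed GTKWave version against
# the fixed release, so 3.3.120 or 3.4.0 count as fixed and 3.3.9 does not.

FIXED_VERSION="3.3.118"

# Return 0 if dotted version $1 is >= dotted version $2, else 1.
# Compares major, minor and patch fields as integers; missing fields are 0.
version_ge() {
    a="$1" b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Extract the first dotted version (e.g. 3.3.115) from a --version line.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print "fixed", "vulnerable" or "unknown" for a given --version line.
# Returns 2 when no version could be parsed, so callers can treat it as
# a failed check rather than silently assuming the patch is present.
assess() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$FIXED_VERSION"; then echo "fixed"; else echo "vulnerable"; fi
}

# Stand-alone usage: check the installed binary if one is on PATH.
if command -v gtkwave >/dev/null 2>&1; then
    assess "$(gtkwave --version 2>&1 | head -n 1)"
fi
```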

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs
  • Application error events mentioning heap corruption or buffer overflow

Network Indicators:

  • Unusual .fst file downloads from untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName="gtkwave.exe" OR Application="GTKWave") AND (Message CONTAINS "heap" OR Message CONTAINS "buffer" OR Message CONTAINS "overflow")
