CVE-2023-36916

7.8 HIGH

📋 TL;DR

CVE-2023-36916 is an integer overflow in GTKWave's FST file parser that allows arbitrary code execution. An attacker can craft a malicious .fst file that triggers memory corruption when a victim opens it. GTKWave users who open untrusted waveform files are affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 and potentially earlier versions
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process .fst files are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine through arbitrary code execution.

🟠 Likely Case

Local privilege escalation or malware installation when users open malicious waveform files from untrusted sources.

🟢 If Mitigated

Denial of service or application crash if memory protections prevent code execution.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly network exploitable.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (the victim must open the malicious file), but the vulnerability is in core parsing functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.115

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Check current GTKWave version.
2. Update to latest version from official repository.
3. Verify update by checking version number.

🔧 Temporary Workarounds

Restrict .fst file processing

all

Prevent GTKWave from opening untrusted .fst files

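chmod 644 *.fst
Set file associations to open .fst with a text editor only

Mode 644 leaves the files readable by every user, so the chmod step does not by itself stop GTKWave from parsing them; the file-association change is what prevents a double-click from launching GTKWave on an untrusted file.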

🧯 If You Can't Patch

  • Use application whitelisting to restrict GTKWave execution
  • Implement user training to avoid opening untrusted waveform files

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version: 'gtkwave --version' or check installed package version

Check Version:

gtkwave --version

Verify Fix Applied:

Confirm version is newer than 3.3.115 and test with known safe .fst files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening .fst files
  • Unusual memory allocation patterns

Network Indicators:

  • File downloads of .fst files from untrusted sources

SIEM Query:

process_name:gtkwave AND (event_type:crash OR file_extension:fst)
