Login Sign Up

CVE-2023-37416

7.8 HIGH
Remote Code Execution

📋 TL;DR

CVE-2023-37416 is an out-of-bounds write vulnerability in GTKWave's VCD file parser that allows arbitrary code execution when a malicious .vcd file is opened. Users of GTKWave 3.3.115 who open untrusted VCD files are affected. The vulnerability exists in the legacy GUI parsing code for value change dump files.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of GTKWave 3.3.115 are vulnerable when opening VCD files via the GUI's legacy parser.

📦 What is this software?

Gtkwave by Tonybybell

View all CVEs affecting Gtkwave →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Local privilege escalation or malware installation when a user opens a malicious VCD file from an untrusted source.

🟢

If Mitigated

Limited impact if users only open trusted VCD files and GTKWave runs with minimal privileges.

🌐 Internet-Facing: LOW - GTKWave is typically not an internet-facing service; exploitation requires user interaction with malicious files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no public exploit code is available as of current knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.115 (check upstream for specific fixed version)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Check current GTKWave version. 2. Update to latest version from official repository. 3. Verify update by checking version again.

🔧 Temporary Workarounds

Restrict VCD file handling

all

Configure system to open VCD files with alternative trusted software or disable automatic opening with GTKWave.

Run with reduced privileges

all

Execute GTKWave with limited user permissions to reduce impact of successful exploitation.

🧯 If You Can't Patch

  • Restrict GTKWave usage to trusted VCD files only from verified sources.
  • Implement application whitelisting to prevent execution of unauthorized binaries from GTKWave process.

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version; if it's 3.3.115, the system is vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

Verify GTKWave version is updated to a version after 3.3.115.

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs with memory access violations
  • Unexpected child processes spawned from GTKWave

Network Indicators:

  • Unusual outbound connections from GTKWave process

SIEM Query:

Process creation where parent process is gtkwave AND (command line contains .vcd OR file path contains .vcd)

📊 Metadata

CVE ID: CVE-2023-37416
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: January 8, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37416, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)