CVE-2023-37445

7.8 HIGH

📋 TL;DR

CVE-2023-37445 is a high-severity vulnerability in GTKWave 3.3.115 where specially crafted VCD files can trigger out-of-bounds read/write conditions leading to arbitrary code execution. Users who open malicious .vcd files in GTKWave, or who run the vcd2vzt conversion utility on them, are affected. This vulnerability allows attackers to potentially take full control of affected systems.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 specifically
Operating Systems: Linux, Windows, macOS - all platforms running GTKWave
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered through the VCD file format parser and vcd2vzt conversion utility.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution, allowing an attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation or system compromise when users open malicious VCD files from untrusted sources.

🟢 If Mitigated

Limited impact if file validation and user education prevent opening untrusted files.

🌐 Internet-Facing: LOW - GTKWave is typically not internet-facing; exploitation requires user interaction with malicious files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and understanding of VCD file structure manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.115 (check for updates from GTKWave repository)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Check the current GTKWave version.
2. Update to the latest version from the official GTKWave repository.
3. Verify the update was successful.
4. Remove any cached or temporary VCD files from untrusted sources.

🔧 Temporary Workarounds

Disable VCD file processing

Platform: all

Prevent GTKWave from processing VCD files by removing file associations or using application controls

Sandbox execution

Platform: linux

Run GTKWave in a sandboxed environment to limit potential damage. The bwrap line below keeps the original's read-only /usr and /tmp binds; it uses a fresh minimal /dev (the original passed both --dev and --dev-bind for /dev, which conflict), adds the /bin, /lib and /lib64 symlinks a merged-/usr system needs, and binds /etc read-only for fonts and similar configuration. Bind the directory holding the VCD file (read-only) and any X authority file the session needs in addition.

firejail --net=none gtkwave
bwrap --unshare-all --die-with-parent --ro-bind /usr /usr --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 --ro-bind /etc /etc --dev /dev --proc /proc --bind /tmp /tmp --tmpfs /home gtkwave

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of GTKWave
  • Educate users to never open VCD files from untrusted sources and validate all input files

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version: 'gtkwave --version' or 'dpkg -l | grep gtkwave' on Debian systems

Check Version:

gtkwave --version 2>&1 | head -1

Verify Fix Applied:

Verify version is newer than 3.3.115 and test with known safe VCD files
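The version check described above, as an added example that is not part of this advisory: it parses the first line of `gtkwave --version`, compares the dotted version numerically against 3.3.115, and treats anything not newer than that release as affected (the "GTKWave Analyzer vX.Y.Z" output format is an assumption and the sample strings are constructed).

```shell
#!/bin/sh
# Added example (not from the advisory or the GTKWave project).
AFFECTED_MAX="3.3.115"   # last release the advisory treats as affected

# extract_version "<version line>" -> "3.3.115" (empty if no vX.Y.Z is present)
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_le A B : exit 0 if A <= B, comparing each dotted field as a number
# (so 3.10.0 > 3.9.0, which a plain string compare would get wrong)
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 0;
    }'
}

# is_vulnerable_output "<gtkwave --version line>" : 0 = affected, 1 = fixed, 2 = unparseable
is_vulnerable_output() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_le "$v" "$AFFECTED_MAX"
}

# Check the installed binary, if any (the version line may go to stderr or stdout).
check_installed() {
    if command -v gtkwave >/dev/null 2>&1; then
        out=$(gtkwave --version 2>&1 | head -n 1)
        if is_vulnerable_output "$out"; then echo "AFFECTED: $out"
        elif [ $? -eq 2 ]; then echo "UNKNOWN (could not parse): $out"
        else echo "OK: $out"; fi
    else
        echo "gtkwave not installed"
    fi
}

check_installed
```

The same check applies to the vcd2vzt binary shipped with the same GTKWave release, since the advisory lists it as an affected component.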

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crashes with memory access violations
  • Unexpected child processes spawned from GTKWave
  • Abnormal system calls from GTKWave process

Network Indicators:

  • Unusual outbound connections following GTKWave execution
  • DNS requests to suspicious domains after file opening

SIEM Query:

process_name:"gtkwave" AND (event_type:"crash" OR parent_process_name:"gtkwave")

🔗 References
