CVE-2023-37574

7.8 HIGH

📋 TL;DR

This vulnerability allows arbitrary code execution when a user opens a specially crafted .vcd file in GTKWave. Attackers can exploit use-after-free flaws in the VCD parsing code to gain control of the victim's system. Anyone using GTKWave to open untrusted .vcd files is affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115 and earlier
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the GUI's legacy VCD parsing code when opening .vcd files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to user account compromise, file system access, and potential installation of persistent malware.

🟢

If Mitigated

Limited impact if file opening is restricted to trusted sources, with potential application crash but no code execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.116 or later

Vendor Advisory: https://sourceforge.net/p/gtkwave/bugs/

Restart Required: No

Instructions:

1. Download the latest GTKWave version from the official source.
2. Uninstall the current version.
3. Install the patched version.
4. Verify the installation with a version check.

🔧 Temporary Workarounds

Restrict .vcd file handling (platforms: all)

Configure the system to open .vcd files with alternative trusted software, or disable automatic opening of .vcd files.

Sandbox GTKWave execution (platforms: linux)

Run GTKWave in an isolated environment or container to limit the potential damage from exploitation.

🧯 If You Can't Patch

  • Only open .vcd files from trusted, verified sources.
  • Use alternative VCD viewer software that is not vulnerable.

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version with gtkwave --version or via the About dialog in the GUI. If the version is 3.3.115 or earlier, the system is vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

Verify that the installed version is 3.3.116 or later using the gtkwave --version command.
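The version check above is easy to get wrong when scripted with a plain string comparison (for example, "3.3.99" sorts after "3.3.116" lexically). The following POSIX sh script is an added example, not part of this advisory or of GTKWave itself; it compares the installed version field by field against the fixed release 3.3.116 named above. It assumes only that gtkwave --version prints the release as a dotted x.y.z token somewhere in its output; the exact banner wording is not stated on this page.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a GTKWave version
# string falls in the affected range (3.3.115 and earlier) using the
# fixed release 3.3.116 stated in the advisory.
# Assumption: `gtkwave --version` prints the release as a dotted x.y.z
# token somewhere in its output; the exact banner text is not known here.

FIXED_VERSION="3.3.116"

# Pull the first x.y.z token out of arbitrary text; prints nothing if absent.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Field-by-field numeric comparison; exit 0 when $1 < $2, 1 otherwise.
# A plain string comparison would rank 3.3.99 above 3.3.116.
version_lt() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -d. -f"$i")
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Exit 0 when the text contains an affected version, 1 when it is fixed,
# 2 when no version could be parsed (treat as "unknown", never as "safe").
is_vulnerable_version() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then return 2; fi
    version_lt "$v" "$FIXED_VERSION"
}

# Check the gtkwave binary on PATH, if any, and print a one-line verdict.
check_installed_gtkwave() {
    if ! command -v gtkwave >/dev/null 2>&1; then
        echo "gtkwave: not found in PATH"
        return 2
    fi
    banner=$(gtkwave --version 2>&1)
    rc=0
    is_vulnerable_version "$banner" || rc=$?
    case "$rc" in
        0) echo "gtkwave $(extract_version "$banner"): AFFECTED, update to $FIXED_VERSION or later" ;;
        1) echo "gtkwave $(extract_version "$banner"): fixed" ;;
        *) echo "gtkwave: could not parse a version from: $banner" ;;
    esac
    return "$rc"
}

# Report on the local installation; tolerate a missing binary so the
# functions above can also be sourced and reused elsewhere.
check_installed_gtkwave || true
```

The exit code of check_installed_gtkwave (0 affected, 1 fixed, 2 unknown) lets the script be dropped into a fleet inventory job; an unparseable banner deliberately counts as unknown rather than fixed, so a changed output format surfaces as a finding to investigate instead of silently passing.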

📡 Detection & Monitoring

Log Indicators:

  • Unexpected GTKWave crashes when opening .vcd files
  • Unusual process creation from GTKWave executable

Network Indicators:

  • Outbound connections from GTKWave process to unexpected destinations

SIEM Query:

Process creation where parent_process contains 'gtkwave' AND (command_line contains '.vcd' OR image_path contains suspicious patterns)

🔗 References
