CVE-2023-38583

7.8 HIGH

📋 TL;DR

This CVE describes a stack-based buffer overflow vulnerability in GTKWave's LXT2 file parser. Attackers can craft malicious .lxt2 files that, when opened by a victim, could lead to arbitrary code execution. Users of GTKWave who open untrusted waveform files are affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 and potentially earlier versions
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process .lxt2 files are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the user running GTKWave, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user opening the malicious file, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated

Limited impact if file opening is restricted to trusted sources, with potential application crash but no code execution.

🌐 Internet-Facing: LOW - This requires user interaction to open a malicious file; it is not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or shared drives.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Proof-of-concept details are available in the Talos Intelligence report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor updates - Debian has patched versions available

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Check for an updated GTKWave package from your distribution.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade gtkwave
3. For other systems, download from the official GTKWave repository or compile from patched source.

🔧 Temporary Workarounds

Restrict .lxt2 file handling (applies to: all)

Configure the system to open .lxt2 files only with trusted applications or in sandboxed environments.

Use file integrity monitoring (applies to: all)

Monitor for unexpected .lxt2 file creation or modification in user directories.

🧯 If You Can't Patch

  • Restrict user permissions to minimize impact of potential code execution
  • Implement application whitelisting to prevent unauthorized GTKWave execution

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version: gtkwave --version. If version is 3.3.115 or earlier, it's likely vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

After update, verify version is newer than 3.3.115 and test opening known safe .lxt2 files.
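The two checks above (version 3.3.115 or earlier is affected; anything newer is taken as fixed) can be scripted so they run the same way on every host. The script below is an added example, not part of the advisory page or the GTKWave project; it assumes that `gtkwave --version` prints a line containing a dotted version such as "GTKWave Analyzer v3.3.104 ..." (the sample lines used when GTKWave is not installed are constructed for demonstration), and it treats every version above 3.3.115 as not affected, which is the page's verification rule rather than a vendor-stated fix version.

```shell
#!/bin/sh
# Added example (not from the advisory or the GTKWave project): classify an installed
# GTKWave build against CVE-2023-38583 by version number.
# Assumption: `gtkwave --version` output contains a token X.Y.Z (format assumed).

LAST_AFFECTED="3.3.115"   # last affected version as stated on the page

# Print the first dotted X.Y.Z version number found in a line of text (empty if none).
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Return 0 if version $1 <= version $2, comparing dotted components numerically
# (so 3.3.9 sorts below 3.3.115, which plain string comparison would get wrong).
version_le() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        if [ "$ah" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$bh" = "$b" ]; then b=""; else b=${b#*.}; fi
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 0   # all components equal
}

# Print "affected", "not-affected" or "unknown" for one line of version output.
classify_version_output() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_le "$v" "$LAST_AFFECTED"; then
        echo "affected"
    else
        echo "not-affected"
    fi
    return 0
}

if command -v gtkwave >/dev/null 2>&1; then
    # Real host: query the installed binary and classify its first output line.
    out=$(gtkwave --version 2>&1 | head -n 1)
    printf 'installed gtkwave: %s -> %s\n' "$out" "$(classify_version_output "$out")"
else
    # Offline demonstration on constructed sample lines (not real captured output).
    for sample in "GTKWave Analyzer v3.3.104 (w)1999-2020 BSI" \
                  "GTKWave Analyzer v3.3.115 (w)1999-2023 BSI" \
                  "GTKWave Analyzer v3.3.116 (w)1999-2023 BSI"; do
        printf '%s -> %s\n' "$sample" "$(classify_version_output "$sample")"
    done
fi
```

Run it before and after the package upgrade: the first run should report "affected" for 3.3.115 or earlier, and the second should report "not-affected" once the updated package is installed. An "unknown" result means the version string did not match the assumed format and should be checked by hand.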

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs with segmentation faults
  • Unexpected .lxt2 file access from unusual locations

Network Indicators:

  • Unusual outbound connections after GTKWave execution

SIEM Query:

process_name:"gtkwave" AND (event_type:"crash" OR file_extension:".lxt2")

🔗 References