CVE-2023-38621

7.8 HIGH

📋 TL;DR

This CVE describes integer overflow vulnerabilities in GTKWave's VZT facgeometry parsing that can lead to arbitrary code execution when a malicious .vzt file is opened. Users of GTKWave 3.3.115 who open untrusted waveform files are affected. The vulnerability allows attackers to execute arbitrary code with the privileges of the user running GTKWave.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of GTKWave 3.3.115 are vulnerable when opening .vzt files. The vulnerability is in the core parsing functionality.

📦 What is this software?

GTKWave is an open-source waveform viewer used to inspect traces produced by digital logic simulators. Besides plain VCD dumps it reads its own compressed trace formats, including LXT, LXT2, VZT and FST. VZT is the format whose parser is affected here: the "facgeometry" (facility geometry) records describe the layout of each facility, i.e. each signal, in the trace, and the code that reads them is where the integer overflows occur.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or malware execution when users open malicious waveform files from untrusted sources.

🟢 If Mitigated

Limited impact if file opening is restricted to trusted sources and least privilege principles are followed.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.115

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Update GTKWave to the latest version from official sources.
2. For Debian systems: apt update && apt upgrade gtkwave.
3. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Restrict .vzt file handling (all platforms)

Configure system to open .vzt files only with trusted applications or in sandboxed environments.

User awareness training (all platforms)

Train users to only open .vzt files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized GTKWave binaries.
  • Use sandboxing solutions to isolate GTKWave when opening untrusted waveform files.

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version: gtkwave --version. If the version is 3.3.115, the system is vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

After the update, run gtkwave --version and confirm the version is greater than 3.3.115.
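The version check described above, as an added shell example that is not part of this advisory or of the GTKWave project: it pulls the first dotted version number out of the output of gtkwave --version (the exact output format is an assumption; the parser only needs a token such as "3.3.115" somewhere in the text) and compares it against the affected release using sort -V, the natural version ordering provided by GNU coreutils and busybox (another assumption about the host).

```shell
#!/bin/sh
# Added example, not from the advisory or from GTKWave itself.
# Decides whether an installed GTKWave is at or below the affected 3.3.115.

AFFECTED_VERSION="3.3.115"

# Extract the first dotted numeric version (e.g. 3.3.115) from arbitrary text.
# Assumption: `gtkwave --version` prints a line containing such a token.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 (true) when the given version is strictly newer than 3.3.115.
# `sort -V` orders versions numerically per component, so 3.3.116 sorts
# after 3.3.115 and 3.4.0 sorts after 3.3.115 (plain string sort would not).
version_is_fixed() {
    v="$1"
    [ -n "$v" ] || return 1                    # unknown version: not proven fixed
    [ "$v" != "$AFFECTED_VERSION" ] || return 1 # exactly the affected release
    newest=$(printf '%s\n%s\n' "$AFFECTED_VERSION" "$v" | sort -V | tail -n 1)
    [ "$newest" = "$v" ]
}

# Query the installed binary and report. Exit status: 0 = newer than 3.3.115,
# 1 = affected or version unknown, 2 = gtkwave not installed.
check_installed_gtkwave() {
    command -v gtkwave >/dev/null 2>&1 || { echo "gtkwave not installed"; return 2; }
    out=$(gtkwave --version 2>&1)
    v=$(extract_version "$out")
    if version_is_fixed "$v"; then
        echo "gtkwave $v: newer than $AFFECTED_VERSION, not affected by CVE-2023-38621"
        return 0
    fi
    echo "gtkwave ${v:-unknown}: at or below $AFFECTED_VERSION, treat as vulnerable"
    return 1
}

check_installed_gtkwave || echo "exit status $? (1 = vulnerable or unknown, 2 = not installed)"
```

Run the file directly on a host, or source it and call version_is_fixed with a version string. One caveat for packaged installs: distributions such as Debian routinely backport security fixes without bumping the upstream version string, so on a distribution package the installed package version and the vendor advisory linked above are the authoritative check, not the number gtkwave reports.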

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from GTKWave
  • Memory allocation errors in GTKWave logs
  • Crash dumps from GTKWave

Network Indicators:

  • None - this is a local file parsing vulnerability

SIEM Query:

Process Creation where Image contains 'gtkwave' and CommandLine contains '.vzt'
