CVE-2023-38623

7.8 HIGH

📋 TL;DR

This CVE describes integer overflow vulnerabilities in GTKWave's VZT facgeometry parsing that can lead to arbitrary code execution when a malicious .vzt file is opened. Users of GTKWave 3.3.115 who open untrusted waveform files are affected. The vulnerability allows attackers to execute arbitrary code with the privileges of the user running GTKWave.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 is specifically mentioned; earlier versions that share the same parsing code are potentially affected.
Operating Systems: Linux, Windows, macOS - any OS running GTKWave
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected GTKWave versions are vulnerable when parsing .vzt files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Local privilege escalation or malware execution when users open malicious waveform files from untrusted sources.

🟢 If Mitigated: No impact if users only open trusted files or the application is patched.

🌐 Internet-Facing: LOW - GTKWave is typically not exposed to internet-facing services.
🏢 Internal Only: MEDIUM - Risk exists when users open untrusted files internally, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code was identified in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Debian security updates or upstream GTKWave repository for patched version.

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Update GTKWave through your package manager (apt update && apt upgrade gtkwave on Debian/Ubuntu).
2. For source installations, download and compile the latest version from the official repository.
3. Verify the version after the update.

🔧 Temporary Workarounds

Restrict .vzt file handling (all): Configure the system to open .vzt files with alternative software or require user confirmation.

User awareness training (all): Train users to only open .vzt files from trusted sources.

🧯 If You Can't Patch

  • Restrict the permissions of the user account running GTKWave to minimize the impact of potential code execution.
  • Implement application whitelisting to prevent execution of unauthorized binaries spawned from the GTKWave process.

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version with gtkwave --version. If the version is 3.3.115 or potentially earlier, the system is vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

After the update, run gtkwave --version and confirm the version is newer than 3.3.115. Test with known safe .vzt files.

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs when processing .vzt files
  • Unexpected child processes spawned from gtkwave

Network Indicators:

  • Unexpected outbound connections from GTKWave process

SIEM Query:

process_name:gtkwave AND (event_type:crash OR child_process_count > 1)

🔗 References
