CVE-2023-38653

7.0 HIGH

📋 TL;DR

This CVE describes integer overflow vulnerabilities in GTKWave's VZT file parser that can lead to memory corruption when processing specially crafted .vzt files. Attackers can exploit these vulnerabilities by tricking users into opening malicious files, potentially allowing arbitrary code execution. Users of GTKWave 3.3.115 are affected.

💻 Affected Systems

Products:
  • GTKWave
Versions: Version 3.3.115 specifically (and potentially earlier versions with the vulnerable code)
Operating Systems: Linux, Windows, macOS - any OS running GTKWave
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing .vzt files with num_time_ticks set to zero. All GTKWave installations with the vulnerable version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the user running GTKWave, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) or limited memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated: Application crash without code execution if memory protections like ASLR are effective.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly network exploitable.
🏢 Internal Only: MEDIUM - Users within an organization could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious .vzt file and convincing a user to open it. No authentication is needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in GTKWave versions after 3.3.115 (check specific vendor updates)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: Yes

Instructions:

1. Check the current GTKWave version.
2. Update to the latest version from the official repository or your vendor.
3. Restart GTKWave after the update.

🔧 Temporary Workarounds

  • Restrict .vzt file handling (applies to: all) - Configure the system to open .vzt files with an alternative application, or restrict execution of GTKWave.
  • User awareness training (applies to: all) - Train users not to open .vzt files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of GTKWave
  • Use sandboxing solutions to isolate GTKWave when processing untrusted files

🔍 How to Verify

Check if Vulnerable:

Check GTKWave version: Run 'gtkwave --version' or check installed package version

Check Version:

gtkwave --version

Verify Fix Applied:

Verify updated version is installed and test with known safe .vzt files
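The version check above can be scripted so it runs the same way on every host. The following is an added example, not code from this record or from the GTKWave project: it runs gtkwave --version if the binary is on PATH, pulls the first x.y.z token out of the output, and compares it with 3.3.115, the last version this record names as vulnerable. The output format assumed in the comments ("GTKWave Analyzer v3.3.115 ...") is an assumption; adjust the regex if your build prints something else. One caveat for distribution packages: a vendor such as Debian may backport the fix under an older upstream version string (the advisory linked above is a Debian LTS one), so a result of "vulnerable" from a version-only check should be cross-checked against the package changelog.

```python
import re
import shutil
import subprocess

# Last upstream version this record names as vulnerable; releases after it are fixed.
LAST_VULNERABLE = (3, 3, 115)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints, or None.

    Assumption: `gtkwave --version` prints a line such as
    'GTKWave Analyzer v3.3.115 (w)1999-2023 BSI'; the regex only needs the
    x.y.z token, so minor differences in the surrounding text do not matter.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Map version output to 'vulnerable' (<= 3.3.115), 'fixed' (> 3.3.115) or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    return "vulnerable" if v <= LAST_VULNERABLE else "fixed"


def installed_gtkwave_version_output():
    """Run `gtkwave --version` if gtkwave is on PATH and return its combined output.

    Returns '' when the binary is absent or the command fails, so callers get
    'unknown' rather than an exception on hosts without GTKWave.
    """
    exe = shutil.which("gtkwave")
    if exe is None:
        return ""
    try:
        proc = subprocess.run([exe, "--version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return ""
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    out = installed_gtkwave_version_output()
    print("gtkwave:", classify(out), "version:", parse_version(out))
```

Distribution packages that backport the fix still report 3.3.115 or lower here, so treat "vulnerable" as "needs a changelog check" rather than a final verdict; "unknown" means no gtkwave binary was found on PATH.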

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs
  • Application error messages related to memory corruption

Network Indicators:

  • Unusual file downloads preceding GTKWave crashes

SIEM Query:

Process:gtkwave AND (EventID:1000 OR ExceptionCode:c0000005)
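As an added example (not part of this record and not tooling from the GTKWave project), the script below implements the SIEM query above as a Python filter and extends it to the other two indicators listed: it also picks GTKWave segfault lines out of Linux kernel log output, and it correlates each crash with .vzt downloads seen on the same host shortly before. All telemetry in the block is constructed for the example; the Windows records mimic Application Error events (Event ID 1000, exception code 0xc0000005) as a SIEM might normalise them, the Linux lines follow the journalctl -o short-iso layout with the kernel's own segfault message format, and the download records stand in for proxy logs. Field names such as host, time, Process, EventID and ExceptionCode are assumptions about your SIEM's schema.

```python
import re
from datetime import datetime, timedelta

# ---- Constructed sample telemetry (made up for this example, not real data) ----
# Windows Application Error records as a SIEM might normalise them.
WINDOWS_EVENTS = [
    {"host": "ws01", "time": "2024-04-10T09:12:03", "Process": "gtkwave.exe",
     "EventID": 1000, "ExceptionCode": "0xc0000005"},
    {"host": "ws02", "time": "2024-04-10T09:15:00", "Process": "notepad.exe",
     "EventID": 1000, "ExceptionCode": "0xc0000005"},
    {"host": "ws03", "time": "2024-04-10T09:16:00", "Process": "gtkwave.exe",
     "EventID": 4688},   # process creation, not a crash
]
# journalctl -o short-iso style lines; the segfault text uses the kernel's own format.
SYSLOG_LINES = [
    "2024-04-10T09:12:40+0000 ws05 kernel: gtkwave[4242]: segfault at 0 ip 00007f2a1c0b1234 sp 00007ffd3c1e5a90 error 4 in gtkwave[7f2a1c000000+200000]",
    "2024-04-10T09:12:45+0000 ws05 kernel: firefox[5120]: segfault at 10 ip 00007f11aa001000 sp 00007ffc00001000 error 4 in libxul.so[7f11a9000000+8000000]",
    "2024-04-10T09:13:00+0000 ws05 systemd[1]: Started GNOME Terminal Server.",
]
# Download records (host, time, file name), e.g. from a web proxy.
DOWNLOADS = [
    {"host": "ws01", "time": "2024-04-10T09:10:30", "file": "sim_trace.vzt"},
    {"host": "ws05", "time": "2024-04-10T09:11:50", "file": "capture.vzt"},
    {"host": "ws03", "time": "2024-04-10T07:00:00", "file": "design.vzt"},
]


def matches_siem_query(event):
    """Process:gtkwave AND (EventID:1000 OR ExceptionCode:c0000005).

    'gtkwave' is matched as a substring of the process name so that
    gtkwave.exe and a full path both match; the exception code is compared
    case-insensitively, with or without a 0x prefix.
    """
    if "gtkwave" not in str(event.get("Process", "")).lower():
        return False
    code = str(event.get("ExceptionCode", "")).lower()
    if code.startswith("0x"):
        code = code[2:]
    return event.get("EventID") == 1000 or code == "c0000005"


SEGFAULT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: "
    r"segfault at (?P<addr>[0-9a-f]+) ip \S+ sp \S+ error (?P<err>\d+)")


def linux_gtkwave_crashes(lines):
    """Return one crash record per kernel segfault line whose process is gtkwave."""
    crashes = []
    for line in lines:
        m = SEGFAULT_RE.match(line)
        if m and m.group("proc") == "gtkwave":
            crashes.append({"host": m.group("host"),
                            "time": m.group("ts")[:19],  # drop the UTC offset
                            "Process": "gtkwave", "pid": int(m.group("pid")),
                            "fault_addr": m.group("addr"),
                            "error": int(m.group("err"))})
    return crashes


def _t(s):
    return datetime.fromisoformat(s)


def correlate_with_downloads(crashes, downloads, window=timedelta(minutes=15)):
    """Attach to each crash the files downloaded on the same host within
    `window` before it; a .vzt download just before a GTKWave crash is the
    'unusual download preceding a crash' indicator."""
    out = []
    for c in crashes:
        ct = _t(c["time"])
        preceding = [d["file"] for d in downloads
                     if d["host"] == c["host"]
                     and ct - window <= _t(d["time"]) <= ct]
        out.append({**c, "preceding_downloads": preceding})
    return out


def gtkwave_crash_alerts(windows_events, syslog_lines, downloads):
    """Combine both crash sources and enrich them with preceding downloads."""
    crashes = [e for e in windows_events if matches_siem_query(e)]
    crashes += linux_gtkwave_crashes(syslog_lines)
    return correlate_with_downloads(crashes, downloads)


if __name__ == "__main__":
    for alert in gtkwave_crash_alerts(WINDOWS_EVENTS, SYSLOG_LINES, DOWNLOADS):
        print(alert)
```

On the sample data the filter yields two alerts, ws01 (Windows, Event ID 1000) and ws05 (Linux segfault in gtkwave, pid 4242), each with the .vzt file fetched on that host a couple of minutes earlier; the notepad crash and the gtkwave process-creation event are dropped, and the ws03 download is not flagged because no crash followed it. A crash alone is weak evidence (any malformed trace can crash a viewer); the download correlation is what makes the event worth a look, and a crash preceded by a .vzt from an unexpected source is the case to pull the file for analysis.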
