CVE-2023-39274

7.8 HIGH

📋 TL;DR

CVE-2023-39274 is an integer overflow vulnerability in GTKWave's LXT2 file parser that allows arbitrary code execution when a user opens a malicious .lxt2 file. This affects users of GTKWave version 3.3.115 who process waveform data files. Attackers can craft malicious files to trigger memory corruption and execute arbitrary code on the victim's system.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system running a vulnerable GTKWave version that processes .lxt2 files is affected. The vulnerability is in the LXT2 facgeometry parsing functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the user running GTKWave, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user opening the malicious file, potentially leading to data exfiltration or malware installation.

🟢 If Mitigated

Denial of service or application crash if exploit fails or is detected by security controls.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited via phishing, shared drives, or compromised internal systems where users open .lxt2 files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious .lxt2 file and convincing a user to open it. No public exploit code has been identified in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.116 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Check current GTKWave version.
2. Download and install GTKWave 3.3.116 or later from official sources.
3. Verify installation by checking version.
4. Remove any older vulnerable versions.

🔧 Temporary Workarounds

Disable LXT2 file processing

all

Prevent GTKWave from opening .lxt2 files by removing file association or using application controls.

# Linux: chmod -x /path/to/gtkwave (if only used for specific file types)
# Windows: Use Group Policy to block .lxt2 file execution

Sandbox GTKWave execution

all

Run GTKWave in a sandboxed environment to limit potential damage from malicious files.

# Linux: firejail --net=none gtkwave
# Windows: Use Windows Sandbox or similar virtualization

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of GTKWave
  • Use email/web filtering to block .lxt2 attachments and educate users about the risk

🔍 How to Verify

Check if Vulnerable:

Run 'gtkwave --version'; the installation is vulnerable if it reports 3.3.115 or earlier.

Check Version:

gtkwave --version

Verify Fix Applied:

After update, 'gtkwave --version' should show 3.3.116 or later

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crash logs with memory corruption errors
  • Unexpected process creation from GTKWave

Network Indicators:

  • Outbound connections from GTKWave process to suspicious IPs

SIEM Query:

Process Creation where Image contains 'gtkwave' AND ParentImage NOT IN ('explorer.exe', 'bash', 'terminal')
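
The query above and the "Unexpected process creation from GTKWave" log indicator, as an added example that is not part of the original page: a small triage function over process-creation events. The `Image` and `ParentImage` field names and the parent allow-list follow the query; the indicator names, the file-name matching and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Launchers the page's query treats as normal parents of GTKWave.
EXPECTED_PARENTS = {"explorer.exe", "bash", "terminal"}


def name_of(path):
    """Lowercased file name; ntpath splits on both slash styles."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the indicator names matched by one process-creation event."""
    image, parent = name_of(event["Image"]), name_of(event["ParentImage"])
    hits = []
    # The page's query: GTKWave started by an unexpected parent.
    if "gtkwave" in image and parent not in EXPECTED_PARENTS:
        hits.append("gtkwave_unusual_parent")
    # The page's log indicator: a different program created by GTKWave.
    if "gtkwave" in parent and "gtkwave" not in image:
        hits.append("gtkwave_spawned_child")
    return hits


def triage(events):
    """Return (index, indicators) for every event that matches something."""
    return [(i, h) for i, e in enumerate(events) if (h := classify(e))]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": "/usr/bin/gtkwave", "ParentImage": "/usr/bin/bash"},
    {"Image": r"C:\Tools\gtkwave\bin\gtkwave.exe",
     "ParentImage": r"C:\Mail\mailclient.exe"},
    {"Image": "/bin/sh", "ParentImage": "/usr/bin/gtkwave"},
    {"Image": r"C:\Tools\gtkwave\bin\gtkwave.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for index, hits in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], hits)
```

Comparing file names rather than full paths lets the allow-list match entries such as `/usr/bin/bash`, which an exact `NOT IN` comparison on the full image path would miss.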
