CVE-2023-39316

Severity (CVSS): 7.8 HIGH

📋 TL;DR

CVE-2023-39316 is an integer overflow vulnerability in GTKWave's LXT2 file parser that can lead to arbitrary code execution when processing malicious .lxt2 files. Users who open specially crafted waveform files with vulnerable GTKWave versions are affected. This vulnerability requires user interaction to trigger.

💻 Affected Systems

Products:
  • GTKWave
Versions: 3.3.115 and potentially earlier
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process .lxt2 files are vulnerable. The vulnerability is in the core LXT2 parser functionality.

📦 What is this software?

GTKWave is an open-source waveform viewer used in digital hardware design and simulation to inspect signal traces produced by simulators; it reads dump formats such as VCD, LXT, LXT2 and FST.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the user running GTKWave, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user opening the malicious file, potentially leading to data exfiltration or malware installation.

🟢 If Mitigated

Limited impact due to sandboxing, file type restrictions, or user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - Requires user to download and open a malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious .lxt2 file whose num_dict_entries value triggers an integer overflow in the size computation for the dictionary allocation. The victim must open the file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.3.115 (check GTKWave updates)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html

Restart Required: No

Instructions:

1. Update GTKWave to the latest version from official sources.
2. Verify the installed version is newer than 3.3.115.
3. For Debian systems: apt update && apt upgrade gtkwave.

🔧 Temporary Workarounds

Disable LXT2 file processing (platform: all)

Prevent GTKWave from opening .lxt2 files by removing the file association or using application restrictions.

Sandbox GTKWave execution (platform: linux)

Run GTKWave in a sandboxed environment to limit the potential damage from exploitation.

🧯 If You Can't Patch

  • Restrict .lxt2 file opening to trusted sources only
  • Implement application whitelisting to prevent unauthorized GTKWave execution

🔍 How to Verify

Check if Vulnerable:

Check the GTKWave version with gtkwave --version. If the version is 3.3.115 or earlier, the system is vulnerable.

Check Version:

gtkwave --version

Verify Fix Applied:

Verify that the GTKWave version is newer than 3.3.115 and test opening known-safe .lxt2 files.

📡 Detection & Monitoring

Log Indicators:

  • GTKWave crashes when opening .lxt2 files
  • Unusual memory allocation patterns in process monitoring

Network Indicators:

  • Download of .lxt2 files from untrusted sources

SIEM Query:

Process:gtkwave AND (FileExtension:.lxt2 OR CrashDetected:true)

🔗 References