Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility.
Weakness
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gtkwave | Tonybybell | 3.3.115 (including) | 3.3.115 (including) |
| Gtkwave | Ubuntu | bionic | * |
| Gtkwave | Ubuntu | focal | * |
| Gtkwave | Ubuntu | lunar | * |
| Gtkwave | Ubuntu | mantic | * |
| Gtkwave | Ubuntu | oracular | * |
| Gtkwave | Ubuntu | plucky | * |
| Gtkwave | Ubuntu | trusty | * |
| Gtkwave | Ubuntu | xenial | * |
Potential Mitigations
References
- https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
- https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1806