CVE-2023-36747 in GTKWave

Summary

by MITRE • 01/08/2024

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table.


Analysis

by VulDB Data Team • 08/18/2025

CVE-2023-36747 is a critical heap-based buffer overflow in GTKWave 3.3.115, located in the fstReaderIterBlocks2 fstWritex len functionality. It arises from improper memory handling while parsing FST (Fast Signal Trace) files, specifically when the beg_time parameter does not align with the start of the time table. The flaw lies in how the parser manages variable-length data during file parsing, and a maliciously crafted FST file can turn it into memory corruption.

Technically, the vulnerability stems from inadequate bounds checking in fstWritex when processing time table entries. When beg_time does not correspond to the beginning of the time table, the code writes data beyond the end of the allocated buffer. This is a heap-based buffer overflow: data under the attacker's control can overwrite adjacent heap memory, leading to unpredictable behavior, application crashes, or more severe exploitation outcomes. The vulnerability is classified as CWE-121 Heap-based Buffer Overflow, reflecting insufficient validation of buffer sizes during dynamic memory allocation.

The impact goes beyond simple memory corruption, since the flaw creates potential pathways for privilege escalation and system compromise. An attacker who crafts a malicious FST file could execute arbitrary code on a victim's system simply by having the victim open the file in GTKWave, which makes this a significant threat in environments where users encounter untrusted FST files. The attack surface is particularly concerning because FST files are common in electronic design automation and verification workflows, where users routinely open and analyze waveform data from many sources. The vulnerability maps to ATT&CK technique T1203, the exploitation of software vulnerabilities through malicious file execution.

Mitigation for CVE-2023-36747 should prioritize updating to a patched version of GTKWave, which is the most effective defense against exploitation. Organizations should also validate FST files before opening them, particularly those received from untrusted sources, and consider running waveform analysis in a sandboxed environment. System administrators should additionally monitor for suspicious file access patterns and segment networks to limit the impact of a successful exploit. The vulnerability underscores the importance of robust input validation and memory-safe practices in signal tracing and waveform analysis software, particularly where users may encounter untrusted binary data.
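As an added illustration of the bug class described above (not GTKWave's own code; the page gives no detail of the real fstWritex beyond its name and the `len`/`beg_time` condition), here is a simplified staged-write routine in C. The hypothetical `stage_write` checks a file-derived `len` against both the bytes actually present in the record and the capacity of the heap staging buffer before any memcpy, which is the check whose absence lets an untrusted length become a heap overflow.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define STAGE_CAP 16  /* small staging buffer so the limits are easy to exercise */

/* Fixed-size heap staging buffer in front of an output sink (hypothetical model). */
struct stager {
    unsigned char *buf;  /* heap-allocated staging area, STAGE_CAP bytes */
    size_t pos;          /* bytes currently staged */
    size_t flushed;      /* bytes handed to the sink so far; stands in for fwrite */
};

struct stager *stager_new(void) {
    struct stager *s = calloc(1, sizeof *s);
    if (s && !(s->buf = malloc(STAGE_CAP))) { free(s); return NULL; }
    return s;
}

static void stage_flush(struct stager *s) { s->flushed += s->pos; s->pos = 0; }

/* Stage len bytes of src. avail is how many bytes the caller really has behind src;
 * a length decoded from the file must be checked against it before any copy.
 * Returns 0 on success, -1 when len is inconsistent with avail. */
int stage_write(struct stager *s, const unsigned char *src, size_t len, size_t avail) {
    if (len > avail) return -1;       /* untrusted len exceeds the record: refuse */
    if (len == 0) return 0;
    if (len >= STAGE_CAP) {           /* too large to stage: flush, then pass through */
        stage_flush(s);
        s->flushed += len;
        return 0;
    }
    if (s->pos + len > STAGE_CAP)     /* would not fit behind what is staged: flush first */
        stage_flush(s);
    memcpy(s->buf + s->pos, src, len);  /* the checks above keep this copy in bounds */
    s->pos += len;
    return 0;
}

/* Parse one constructed record: a 1-byte length prefix followed by payload.
 * Returns bytes consumed, or -1 if the prefix claims more payload than is present. */
long consume_record(struct stager *s, const unsigned char *rec, size_t rec_len) {
    if (rec_len < 1) return -1;
    size_t len = rec[0];
    if (stage_write(s, rec + 1, len, rec_len - 1) != 0) return -1;
    return (long)(1 + len);
}
```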

Responsible: Talos

Reservation: 06/26/2023

Disclosure: 01/08/2024

Moderation: accepted

CPE: ready

EPSS: 0.00382

KEV: no

Activities: very low
