Debian dsa-5653 : gtkwave - security update

high Nessus Plugin ID 192900

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5653 advisory.

- An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-32650)

- An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-34087)

- An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-34436)

- An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35004)

- An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35057)

- An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35128)

- Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32 function. (CVE-2023-35702)

- Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint64 function. (CVE-2023-35703)

- Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function. (CVE-2023-35704)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`. (CVE-2023-35955)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`. (CVE-2023-35956)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`. (CVE-2023-35957)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the copy function `fstFread`. (CVE-2023-35958)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression.
(CVE-2023-35959)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`. (CVE-2023-35960)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`. (CVE-2023-35961)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility. (CVE-2023-35962)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt2` utility. (CVE-2023-35963)

- Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115.
A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt` utility. (CVE-2023-35964)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. (CVE-2023-35969)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. (CVE-2023-35970)

- An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35989)

- An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-35992)

- Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta initialization part. (CVE-2023-35994)

- Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 1. (CVE-2023-35995)

- Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 0. (CVE-2023-35996)

- Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. (CVE-2023-35997)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table. (CVE-2023-36746)

- Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table.
(CVE-2023-36747)

- An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115.
A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-36861)

- An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-36864)

- Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array. (CVE-2023-36915)

- Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array. (CVE-2023-36916)

- An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-37282)

- Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code. (CVE-2023-37416)

- Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code. (CVE-2023-37417)

- Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. (CVE-2023-37418)

- Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37419)

- Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. (CVE-2023-37420)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code. (CVE-2023-37442)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's legacy VCD parsing code. (CVE-2023-37443)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's interactive VCD parsing code. (CVE-2023-37444)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. (CVE-2023-37445)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37446)

- Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. (CVE-2023-37447)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code. (CVE-2023-37573)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's legacy VCD parsing code. (CVE-2023-37574)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's interactive VCD parsing code. (CVE-2023-37575)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility. (CVE-2023-37576)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37577)

- Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility. (CVE-2023-37578)

- Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. (CVE-2023-37921)

- Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility. (CVE-2023-37922)

- Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115.
A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. (CVE-2023-37923)

- A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-38583)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. (CVE-2023-38618)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array. (CVE-2023-38619)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. (CVE-2023-38620)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. (CVE-2023-38621)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. (CVE-2023-38622)

- Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array. (CVE-2023-38623)

- Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. (CVE-2023-38648)

- Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. (CVE-2023-38649)

- Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. (CVE-2023-38650)

- Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero. (CVE-2023-38651)

- Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. (CVE-2023-38652)

- Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero. (CVE-2023-38653)

- An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. (CVE-2023-38657)

- Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of- bounds write when looping over `lt->numrealfacs`. (CVE-2023-39234)

- Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of- bounds write when looping over `lt->num_time_ticks`. (CVE-2023-39235)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. (CVE-2023-39270)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array. (CVE-2023-39271)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. (CVE-2023-39272)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. (CVE-2023-39273)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. (CVE-2023-39274)

- Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array. (CVE-2023-39275)

- Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array. (CVE-2023-39316)

- Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_lens` array. (CVE-2023-39317)

- Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. (CVE-2023-39413)

- Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. (CVE-2023-39414)

- Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. (CVE-2023-39443)

- Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. (CVE-2023-39444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the gtkwave packages.

See Also

https://security-tracker.debian.org/tracker/source-package/gtkwave

https://security-tracker.debian.org/tracker/CVE-2023-32650

https://security-tracker.debian.org/tracker/CVE-2023-34087

https://security-tracker.debian.org/tracker/CVE-2023-34436

https://security-tracker.debian.org/tracker/CVE-2023-35004

https://security-tracker.debian.org/tracker/CVE-2023-35057

https://security-tracker.debian.org/tracker/CVE-2023-35128

https://security-tracker.debian.org/tracker/CVE-2023-35702

https://security-tracker.debian.org/tracker/CVE-2023-35703

https://security-tracker.debian.org/tracker/CVE-2023-35704

https://security-tracker.debian.org/tracker/CVE-2023-35955

https://security-tracker.debian.org/tracker/CVE-2023-35956

https://security-tracker.debian.org/tracker/CVE-2023-35957

https://security-tracker.debian.org/tracker/CVE-2023-35958

https://security-tracker.debian.org/tracker/CVE-2023-35959

https://security-tracker.debian.org/tracker/CVE-2023-35960

https://security-tracker.debian.org/tracker/CVE-2023-35961

https://security-tracker.debian.org/tracker/CVE-2023-35962

https://security-tracker.debian.org/tracker/CVE-2023-35963

https://security-tracker.debian.org/tracker/CVE-2023-35964

https://security-tracker.debian.org/tracker/CVE-2023-35969

https://security-tracker.debian.org/tracker/CVE-2023-35970

https://security-tracker.debian.org/tracker/CVE-2023-35989

https://security-tracker.debian.org/tracker/CVE-2023-35992

https://security-tracker.debian.org/tracker/CVE-2023-35994

https://security-tracker.debian.org/tracker/CVE-2023-35995

https://security-tracker.debian.org/tracker/CVE-2023-35996

https://security-tracker.debian.org/tracker/CVE-2023-35997

https://security-tracker.debian.org/tracker/CVE-2023-36746

https://security-tracker.debian.org/tracker/CVE-2023-36747

https://security-tracker.debian.org/tracker/CVE-2023-36861

https://security-tracker.debian.org/tracker/CVE-2023-36864

https://security-tracker.debian.org/tracker/CVE-2023-36915

https://security-tracker.debian.org/tracker/CVE-2023-36916

https://security-tracker.debian.org/tracker/CVE-2023-37282

https://security-tracker.debian.org/tracker/CVE-2023-37416

https://security-tracker.debian.org/tracker/CVE-2023-37417

https://security-tracker.debian.org/tracker/CVE-2023-37418

https://security-tracker.debian.org/tracker/CVE-2023-37419

https://security-tracker.debian.org/tracker/CVE-2023-37420

https://security-tracker.debian.org/tracker/CVE-2023-37442

https://security-tracker.debian.org/tracker/CVE-2023-37443

https://security-tracker.debian.org/tracker/CVE-2023-37444

https://security-tracker.debian.org/tracker/CVE-2023-37445

https://security-tracker.debian.org/tracker/CVE-2023-37446

https://security-tracker.debian.org/tracker/CVE-2023-37447

https://security-tracker.debian.org/tracker/CVE-2023-37573

https://security-tracker.debian.org/tracker/CVE-2023-37574

https://security-tracker.debian.org/tracker/CVE-2023-37575

https://security-tracker.debian.org/tracker/CVE-2023-37576

https://security-tracker.debian.org/tracker/CVE-2023-37577

https://security-tracker.debian.org/tracker/CVE-2023-37578

https://security-tracker.debian.org/tracker/CVE-2023-37921

https://security-tracker.debian.org/tracker/CVE-2023-37922

https://security-tracker.debian.org/tracker/CVE-2023-37923

https://security-tracker.debian.org/tracker/CVE-2023-38583

https://security-tracker.debian.org/tracker/CVE-2023-38618

https://security-tracker.debian.org/tracker/CVE-2023-38619

https://security-tracker.debian.org/tracker/CVE-2023-38620

https://security-tracker.debian.org/tracker/CVE-2023-38621

https://security-tracker.debian.org/tracker/CVE-2023-38622

https://security-tracker.debian.org/tracker/CVE-2023-38623

https://security-tracker.debian.org/tracker/CVE-2023-38648

https://security-tracker.debian.org/tracker/CVE-2023-38649

https://security-tracker.debian.org/tracker/CVE-2023-38650

https://security-tracker.debian.org/tracker/CVE-2023-38651

https://security-tracker.debian.org/tracker/CVE-2023-38652

https://security-tracker.debian.org/tracker/CVE-2023-38653

https://security-tracker.debian.org/tracker/CVE-2023-38657

https://security-tracker.debian.org/tracker/CVE-2023-39234

https://security-tracker.debian.org/tracker/CVE-2023-39235

https://security-tracker.debian.org/tracker/CVE-2023-39270

https://security-tracker.debian.org/tracker/CVE-2023-39271

https://security-tracker.debian.org/tracker/CVE-2023-39272

https://security-tracker.debian.org/tracker/CVE-2023-39273

https://security-tracker.debian.org/tracker/CVE-2023-39274

https://security-tracker.debian.org/tracker/CVE-2023-39275

https://security-tracker.debian.org/tracker/CVE-2023-39316

https://security-tracker.debian.org/tracker/CVE-2023-39317

https://security-tracker.debian.org/tracker/CVE-2023-39413

https://security-tracker.debian.org/tracker/CVE-2023-39414

https://security-tracker.debian.org/tracker/CVE-2023-39443

https://security-tracker.debian.org/tracker/CVE-2023-39444

https://packages.debian.org/source/bookworm/gtkwave

https://packages.debian.org/source/bullseye/gtkwave

Plugin Details

Severity: High

ID: 192900

File Name: debian_DSA-5653.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/3/2024

Updated: 4/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-39444

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:gtkwave

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2024

Vulnerability Publication Date: 1/8/2024

Reference Information

CVE: CVE-2023-32650, CVE-2023-34087, CVE-2023-34436, CVE-2023-35004, CVE-2023-35057, CVE-2023-35128, CVE-2023-35702, CVE-2023-35703, CVE-2023-35704, CVE-2023-35955, CVE-2023-35956, CVE-2023-35957, CVE-2023-35958, CVE-2023-35959, CVE-2023-35960, CVE-2023-35961, CVE-2023-35962, CVE-2023-35963, CVE-2023-35964, CVE-2023-35969, CVE-2023-35970, CVE-2023-35989, CVE-2023-35992, CVE-2023-35994, CVE-2023-35995, CVE-2023-35996, CVE-2023-35997, CVE-2023-36746, CVE-2023-36747, CVE-2023-36861, CVE-2023-36864, CVE-2023-36915, CVE-2023-36916, CVE-2023-37282, CVE-2023-37416, CVE-2023-37417, CVE-2023-37418, CVE-2023-37419, CVE-2023-37420, CVE-2023-37442, CVE-2023-37443, CVE-2023-37444, CVE-2023-37445, CVE-2023-37446, CVE-2023-37447, CVE-2023-37573, CVE-2023-37574, CVE-2023-37575, CVE-2023-37576, CVE-2023-37577, CVE-2023-37578, CVE-2023-37921, CVE-2023-37922, CVE-2023-37923, CVE-2023-38583, CVE-2023-38618, CVE-2023-38619, CVE-2023-38620, CVE-2023-38621, CVE-2023-38622, CVE-2023-38623, CVE-2023-38648, CVE-2023-38649, CVE-2023-38650, CVE-2023-38651, CVE-2023-38652, CVE-2023-38653, CVE-2023-38657, CVE-2023-39234, CVE-2023-39235, CVE-2023-39270, CVE-2023-39271, CVE-2023-39272, CVE-2023-39273, CVE-2023-39274, CVE-2023-39275, CVE-2023-39316, CVE-2023-39317, CVE-2023-39413, CVE-2023-39414, CVE-2023-39443, CVE-2023-39444