{"id":36183,"date":"2025-05-08T04:40:52","date_gmt":"2025-05-08T04:40:52","guid":{"rendered":""},"modified":"2025-10-03T06:13:48","modified_gmt":"2025-10-03T12:13:48","slug":"cve-2023-36861-out-of-bounds-write-vulnerability-in-gtkwave-3-3-115","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-36861-out-of-bounds-write-vulnerability-in-gtkwave-3-3-115\/","title":{"rendered":"<strong>CVE-2023-36861: Out-of-Bounds Write Vulnerability in GTKWave 3.3.115<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) system has identified an out-of-bounds write vulnerability in the VZT LZMA_read_varint function of GTKWave version 3.3.115. This vulnerability, designated as CVE-2023-36861, is particularly severe as it can potentially lead to arbitrary code execution. What this means is that an attacker could take <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43564-improper-access-control-vulnerability-in-coldfusion-leading-to-arbitrary-file-system-read\/\"  data-wpil-monitor-id=\"49400\">control of the affected system<\/a>, compromising its integrity and confidentiality. 
The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2021-40367-critical-vulnerability-in-syngo-fastview-allows-potential-system-compromise\/\"  data-wpil-monitor-id=\"40935\">vulnerability impacts any system<\/a> running the affected version of GTKWave, which is widely used for viewing waveforms from digital circuits.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2023-36861<br \/>\nSeverity: High (7.8 CVSS Score)<br \/>\nAttack Vector: .vzt file<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-34322-inadequate-precaution-in-xen-s-shadow-paging-leads-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"40977\">Potential system<\/a> compromise and data leakage.<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<p>Product | Affected Versions<\/p>\n<p>GTKWave | 3.3.115<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-35004-critical-integer-overflow-vulnerability-in-gtkwave-3-3-115\/\"  data-wpil-monitor-id=\"41059\">vulnerability lies within the VZT LZMA_read_varint functionality of GTKWave<\/a>. An attacker can exploit this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39470-path-traversal-vulnerability-in-thimpress-ivy-school-leading-to-php-local-file-inclusion\/\"  data-wpil-monitor-id=\"40900\">vulnerability by crafting a malicious .vzt file<\/a>. When this file is opened by a victim in GTKWave, it triggers an <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-34436-critical-out-of-bounds-write-vulnerability-in-gtkwave-3-3-115\/\"  data-wpil-monitor-id=\"41029\">out-of-bounds write<\/a> error. This error can then be leveraged to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46616-arbitrary-remote-code-execution-vulnerability-in-quantum-stornext-web-gui-api\/\"  data-wpil-monitor-id=\"40877\">execute arbitrary code<\/a> on the victim&#8217;s system. 
The exact technical details of this process can vary depending on the specific implementation of the exploit, but the general method involves manipulating the data within the .vzt file in such a <a href=\"https:\/\/www.ameeba.com\/blog\/ua-little-rock-cybersecurity-program-paving-the-way-to-a-secure-digital-future\/\"  data-wpil-monitor-id=\"49401\">way that it causes the program<\/a> to write to an unintended memory location.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Below is a simplified conceptual example of how the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47154-exploitation-of-use-after-free-vulnerability-in-libjs-in-ladybird\/\"  data-wpil-monitor-id=\"47507\">vulnerability could be exploited<\/a>. This pseudocode demonstrates how a .vzt file could be <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24189-memory-corruption-vulnerability-due-to-maliciously-crafted-web-content-in-various-operating-systems\/\"  data-wpil-monitor-id=\"88183\">maliciously crafted<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\"># Pseudocode for crafting a malicious .vzt file\nfile = open(&quot;malicious.vzt&quot;, &quot;wb&quot;)\n# Write data to the file that will trigger an out-of-bounds write in GTKWave\nfile.write(b&#039;crafted_data_that_causes_out_of_bounds_write&#039;)\n# Write the arbitrary code that will be executed\nfile.write(b&#039;arbitrary_code_to_execute&#039;)\nfile.close()<\/code><\/pre>\n<p>It should be noted that the actual exploit would be much more complex and require a deep understanding of the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7028-exploiting-the-software-smi-handler-vulnerability\/\"  data-wpil-monitor-id=\"88182\">GTKWave<\/a> software and the system it is running on.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>To mitigate this 
vulnerability, users of GTKWave should apply the vendor-released patch as soon as possible. If that is not immediately possible, temporary mitigation can be achieved by using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-21310-windows-cloud-files-mini-filter-driver-elevation-of-privilege-vulnerability\/\"  data-wpil-monitor-id=\"47506\">filter out malicious .vzt files<\/a>. However, these measures should not be relied upon as a long-term solution. They are only meant to provide temporary relief until the official patch can be applied.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The Common Vulnerabilities and Exposures (CVE) system has identified an out-of-bounds write vulnerability in the VZT LZMA_read_varint function of GTKWave version 3.3.115. This vulnerability, designated as CVE-2023-36861, is particularly severe as it can potentially lead to arbitrary code execution. What this means is that an attacker could take control of the affected system, compromising 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[86,80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-36183","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-buffer-overflow","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/36183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=36183"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/36183\/revisions"}],"predecessor-version":[{"id":80997,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/36183\/revisions\/80997"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=36183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=36183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=36183"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=36183"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=36183"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=36183"},{"taxonomy":"asset_typ
e","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=36183"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=36183"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=36183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}