CVE-2023-39413 HIGH

CVE-2023-39413

Vendor Gtkwave
Product GTKWave
Weakness CWE-191
Published January 8, 2024
Last update November 4, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation.

Key dates

02Disclosure timeline

January 8, 2024 CVE published
November 4, 2025 Record updated