CVE-2023-35989: 
NixOS vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2023-35989) exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. The vulnerability allows an attacker to achieve arbitrary code execution by tricking a victim into opening a specially crafted .lxt2 file (NVD, Talos).

The vulnerability occurs in the LXT2 file parsing functionality when processing compressed blocks. When handling blocks that don't start with the gzip magic number, the code attempts to decompress them directly using zlib. An integer overflow can occur during buffer size calculation when clen (compressed length) is 0x80000000, resulting in a buffer of insufficient size being allocated. This leads to an out-of-bounds write condition when reading the compressed data, which can be controlled by an attacker to achieve arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (Talos).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code on the targeted system with the privileges of the user running GTKWave. The vulnerability requires user interaction, as the victim needs to open a malicious .lxt2 file (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are advised to upgrade to this version or later. The fix has been included in various distribution security updates, including Debian 10 (Buster) version 3.3.98+really3.3.118-0+deb10u1 (Debian LTS).