CVE-2023-35994: 
NixOS vulnerability analysis and mitigation

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability specifically concerns the tdelta initialization part (Talos).

The vulnerability exists in the fstReaderIterBlocks2 function where tdelta is used to index into the tc_head array without proper bounds checking. The issue occurs when processing VCDATA blocks, where tdelta values are extracted from the file and used directly as array indices. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The weakness has been classified as CWE-129: Improper Validation of Array Index (Talos, NVD).

The vulnerability can lead to arbitrary code execution through heap buffer overflow when processing specially crafted .fst files. The attack requires user interaction as the victim needs to open a malicious file to trigger the vulnerability (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been included in various distribution security updates, including Debian 10 (buster), Debian 11 (bullseye), and Debian 12 (bookworm) (Debian LTS).