CVE-2023-35995: 
NixOS vulnerability analysis and mitigation

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability specifically concerns the tdelta indexing when signal_lens is 1 (NIST NVD).

The vulnerability is classified as CWE-129 (Improper Validation of Array Index) with a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue occurs in the fstReaderIterBlocks2 function where tdelta is used to index into the tc_head array without proper bounds checking, potentially leading to out-of-bounds write operations in the heap (Talos).

The vulnerability can lead to arbitrary code execution when a victim opens a specially crafted malicious .fst file. The attack requires local access and user interaction, but no privileges are needed to execute the exploit. The vulnerability affects confidentiality, integrity, and availability, all with high severity ratings (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been backported to various distributions, including Debian 10 (buster) as version 3.3.98+really3.3.118-0+deb10u1 (Debian LTS).