CVE-2023-36916: 
NixOS vulnerability analysis and mitigation

Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability specifically concerns the allocation of the chain_table_lengths array (Talos).

The vulnerability exists in the chain_table_lengths allocation process within the fstReaderIterBlocks2 functionality. By not checking the value of vc_maxhandle, the calculation may overflow (or the calloc calculation may overflow). The loop controlled by an independent value chain_clen can be used to control the amount of bytes written in the heap, while the contents are controlled with varints. The vulnerability has a CVSS v3.1 Base Score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system. The vulnerability affects GTKWave version 3.3.115 and has been confirmed to have high impacts on confidentiality, integrity, and availability (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are advised to upgrade to this version or later. Multiple distributions have also released security updates to address this vulnerability, including Debian which has released fixes for both Debian 10 (buster) and Debian 11 (bullseye) (Debian LTS).