CVE-2023-38623: 
NixOS vulnerability analysis and mitigation

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. The vulnerability specifically affects the integer overflow when allocating the vindex_offset array. A victim would need to open a malicious .vzt file to trigger these vulnerabilities (Talos Report).

The vulnerability exists in the VZT facgeometry parsing functionality where the size of the vindex_offset array is calculated by multiplying numfacs by 4. When numfacs is larger than 0x40000000, this multiplication wraps around in 32-bit mode, resulting in a smaller allocation size than required. This is followed by a loop over numfacs which writes to the allocated buffers, leading to out-of-bounds writes on the heap. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (Talos Report).

The vulnerability can lead to arbitrary code execution when a specially crafted .vzt file is opened. By carefully manipulating heap allocations, the out-of-bounds writes can be used to overwrite pointers inside the data structure, which can then be exploited to write to arbitrary memory locations (Talos Report).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been included in various distribution updates including Debian 10 (buster) version 3.3.98+really3.3.118-0+deb10u1 (Debian LTS).