CVE-2023-38649: 
NixOS vulnerability analysis and mitigation

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability specifically concerns the out-of-bounds write performed by the string copy loop (NVD, Talos).

The vulnerability exists in the VZT vzt_rd_get_facname decompression functionality where buffers bufprev and bufcurr are allocated with a size of longestname + 1, which is a field defined in the input file. However, the size of these buffers is never taken into consideration when writing to them, allowing loops to write out-of-bounds in the heap. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos).

If exploited, this vulnerability can lead to arbitrary code execution on the target system. The vulnerability requires user interaction, as a victim would need to open a malicious .vzt file to trigger the vulnerability (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been included in various distribution updates including Debian 10 (buster), Debian 11 (bullseye), and Debian 12 (bookworm) (Debian LTS, Debian Security).