CVE-2023-39270: 
NixOS vulnerability analysis and mitigation

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. The vulnerability, identified as CVE-2023-39270, specifically concerns the integer overflow when allocating the rows array. A victim would need to open a malicious .lxt2 file to trigger these vulnerabilities (Talos, NVD).

The vulnerability occurs in the LXT2 facgeometry parsing functionality where the size for the rows array allocation may wrap around, leading to an out-of-bounds write. The issue affects 32-bit mode when numfacs is bigger than 0x40000000, causing the multiplication to wrap around and resulting in malloc being called with a smaller size. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos).

The vulnerability can lead to arbitrary code execution when a specially crafted .lxt2 file is opened. The out-of-bounds writes on heap can be used to overwrite pointers inside lt, which can in turn be used to write to arbitrary locations (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been included in various distribution updates including Debian 10 (buster), Debian 11 (bullseye), and Debian 12 (bookworm) (Debian LTS, DSA-5653-1).