CVE-2023-39275: 
NixOS vulnerability analysis and mitigation

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. The vulnerability (CVE-2023-39275) specifically concerns the integer overflow when allocating the value array. A victim would need to open a malicious file to trigger these vulnerabilities (NVD, Talos).

The vulnerability occurs in the LXT2 facgeometry parsing functionality where the size for the value array allocation may wrap around in 32-bit mode, leading to an out-of-bounds write. When numfacs is bigger than 0x40000000, the multiplication will wrap around in 32-bit mode, resulting in calling malloc with a smaller size. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos).

The vulnerability can lead to arbitrary code execution when a specially crafted .lxt2 file is opened. The out-of-bounds writes can be used to overwrite pointers inside lt, which can in turn be used to write to arbitrary locations (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are recommended to upgrade to this version or later. The fix has been included in various distribution updates including Debian 10 (buster) version 3.3.98+really3.3.118-0+deb10u1 (Debian LTS).