Описание
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00177
Низкий
7.8 High
CVSS3
Дефекты
CWE-416
CWE-416
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.
EPSS
Процентиль: 39%
0.00177
Низкий
7.8 High
CVSS3
Дефекты
CWE-416
CWE-416