Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-35126

Опубликовано: 19 окт. 2023
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.00158
Низкий

7.8 High

CVSS3

Дефекты

CWE-129
CWE-787

Связанные уязвимости

github логотип

GHSA-c36p-pqfp-h5j2

CVSS3: 7.8
github
больше 2 лет назад

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

EPSS

Процентиль: 37%
0.00158
Низкий

7.8 High

CVSS3

Дефекты

CWE-129
CWE-787