Описание
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.0018
Низкий
7.8 High
CVSS3
Дефекты
CWE-190
CWE-190
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
EPSS
Процентиль: 40%
0.0018
Низкий
7.8 High
CVSS3
Дефекты
CWE-190
CWE-190