Lucene search

TalosCVE-2023-34366

HistoryOct 19, 2023 - 6:15 p.m.

CVE-2023-34366

2023-10-1918:15:08

CWE-416

talos

web.nvd.nist.gov

cve-2023-34366

ichitaro

vulnerability

use-after-free

memory corruption

arbitrary code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

justsystemseasy_postcard_maxMatch-

justsystemsichitaro_2021Match-

justsystemsichitaro_2022Match-

justsystemsichitaro_2023Match1.0.1.59372

justsystemsichitaro_government_10Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_government_9Match-

justsystemsichitaro_pro_3Match-

justsystemsichitaro_pro_4Match-

justsystemsichitaro_pro_5Match-

justsystemsjust_government_3Match-

justsystemsjust_government_4Match-

justsystemsjust_government_5Match-

justsystemsjust_office_3Match-

justsystemsjust_office_4Match-

justsystemsjust_office_5Match-

justsystemsjust_police_3Match-

justsystemsjust_police_4Match-

justsystemsjust_police_5Match-

VendorProductVersionCPE
justsystemseasy_postcard_max-cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystemsichitaro_2021-cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystemsichitaro_2022-cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystemsichitaro_20231.0.1.59372cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystemsichitaro_government_10-cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystemsichitaro_government_9-cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_3-cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_4-cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_5-cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_max	-	cpe:2.3:a:justsystems:easy_postcard_max:-:::::::*
justsystems	ichitaro_2021	-	cpe:2.3:a:justsystems:ichitaro_2021:-:::::::*
justsystems	ichitaro_2022	-	cpe:2.3:a:justsystems:ichitaro_2022:-:::::::*
justsystems	ichitaro_2023	1.0.1.59372	cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:::::::*
justsystems	ichitaro_government_10	-	cpe:2.3:a:justsystems:ichitaro_government_10:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
justsystems	ichitaro_government_9	-	cpe:2.3:a:justsystems:ichitaro_government_9:-:::::::*
justsystems	ichitaro_pro_3	-	cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*
justsystems	ichitaro_pro_4	-	cpe:2.3:a:justsystems:ichitaro_pro_4:-:::::::*
justsystems	ichitaro_pro_5	-	cpe:2.3:a:justsystems:ichitaro_pro_5:-:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "vendor": "Ichitaro 2023",
    "product": "Ichitaro 2023",
    "versions": [
      {
        "version": "1.0.1.59372",
        "status": "affected"
      }
    ]
  }
]