Lucene search

TalosCVE-2023-35126

HistoryOct 19, 2023 - 5:15 p.m.

CVE-2023-35126

2023-10-1917:15:10

CWE-787

CWE-129

talos

web.nvd.nist.gov

cve-2023-35126

ichitaro

out-of-bounds write

arbitrary code execution

memory corruption

document processing

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

An out-of-bounds write vulnerability exists within the parsers for both the “DocumentViewStyles” and “DocumentEditStyles” streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

justsystemseasy_postcard_maxMatch-

justsystemsichitaro_2021Match-

justsystemsichitaro_2022Match-

justsystemsichitaro_2023Match1.0.1.59372

justsystemsichitaro_government_10Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_government_9Match-

justsystemsichitaro_pro_3Match-

justsystemsichitaro_pro_4Match-

justsystemsichitaro_pro_5Match-

justsystemsjust_government_3Match-

justsystemsjust_government_4Match-

justsystemsjust_government_5Match-

justsystemsjust_office_3Match-

justsystemsjust_office_4Match-

justsystemsjust_office_5Match-

justsystemsjust_police_3Match-

justsystemsjust_police_4Match-

justsystemsjust_police_5Match-

VendorProductVersionCPE
justsystemseasy_postcard_max-cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystemsichitaro_2021-cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystemsichitaro_2022-cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystemsichitaro_20231.0.1.59372cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystemsichitaro_government_10-cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystemsichitaro_government_9-cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_3-cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_4-cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_5-cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_max	-	cpe:2.3:a:justsystems:easy_postcard_max:-:::::::*
justsystems	ichitaro_2021	-	cpe:2.3:a:justsystems:ichitaro_2021:-:::::::*
justsystems	ichitaro_2022	-	cpe:2.3:a:justsystems:ichitaro_2022:-:::::::*
justsystems	ichitaro_2023	1.0.1.59372	cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:::::::*
justsystems	ichitaro_government_10	-	cpe:2.3:a:justsystems:ichitaro_government_10:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
justsystems	ichitaro_government_9	-	cpe:2.3:a:justsystems:ichitaro_government_9:-:::::::*
justsystems	ichitaro_pro_3	-	cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*
justsystems	ichitaro_pro_4	-	cpe:2.3:a:justsystems:ichitaro_pro_4:-:::::::*
justsystems	ichitaro_pro_5	-	cpe:2.3:a:justsystems:ichitaro_pro_5:-:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "vendor": "Ichitaro 2023",
    "product": "Ichitaro 2023",
    "versions": [
      {
        "version": "1.0.1.59372",
        "status": "affected"
      }
    ]
  }
]