Lucene search

TalosCVE-2023-38128

HistoryOct 19, 2023 - 6:15 p.m.

CVE-2023-38128

2023-10-1918:15:09

CWE-843

CWE-787

talos

web.nvd.nist.gov

cve-2023-38128

ichitaro

hyperlinkframe

out-of-bounds write

vulnerability

memory corruption

arbitrary code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

An out-of-bounds write vulnerability exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

justsystemseasy_postcard_maxMatch-

justsystemsichitaro_2021Match-

justsystemsichitaro_2022Match-

justsystemsichitaro_2023Match1.0.1.59372

justsystemsichitaro_government_10Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_government_9Match-

justsystemsichitaro_pro_3Match-

justsystemsichitaro_pro_4Match-

justsystemsichitaro_pro_5Match-

justsystemsjust_government_3Match-

justsystemsjust_government_4Match-

justsystemsjust_government_5Match-

justsystemsjust_office_3Match-

justsystemsjust_office_4Match-

justsystemsjust_office_5Match-

justsystemsjust_police_3Match-

justsystemsjust_police_4Match-

justsystemsjust_police_5Match-

VendorProductVersionCPE
justsystemseasy_postcard_max-cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystemsichitaro_2021-cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystemsichitaro_2022-cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystemsichitaro_20231.0.1.59372cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystemsichitaro_government_10-cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystemsichitaro_government_9-cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_3-cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_4-cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_5-cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_max	-	cpe:2.3:a:justsystems:easy_postcard_max:-:::::::*
justsystems	ichitaro_2021	-	cpe:2.3:a:justsystems:ichitaro_2021:-:::::::*
justsystems	ichitaro_2022	-	cpe:2.3:a:justsystems:ichitaro_2022:-:::::::*
justsystems	ichitaro_2023	1.0.1.59372	cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:::::::*
justsystems	ichitaro_government_10	-	cpe:2.3:a:justsystems:ichitaro_government_10:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
justsystems	ichitaro_government_9	-	cpe:2.3:a:justsystems:ichitaro_government_9:-:::::::*
justsystems	ichitaro_pro_3	-	cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*
justsystems	ichitaro_pro_4	-	cpe:2.3:a:justsystems:ichitaro_pro_4:-:::::::*
justsystems	ichitaro_pro_5	-	cpe:2.3:a:justsystems:ichitaro_pro_5:-:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "vendor": "Ichitaro 2023",
    "product": "Ichitaro 2023",
    "versions": [
      {
        "version": "1.0.1.59372",
        "status": "affected"
      }
    ]
  }
]