Lucene search

[email protected]NVD:CVE-2023-35126

HistoryOct 19, 2023 - 5:15 p.m.

CVE-2023-35126

2023-10-1917:15:10

CWE-129

CWE-787

[email protected]

web.nvd.nist.gov

out-of-bounds write

ichitaro 2023

memory corruption

arbitrary code execution

document processing

cve-2023-35126

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.8%

JSON

An out-of-bounds write vulnerability exists within the parsers for both the “DocumentViewStyles” and “DocumentEditStyles” streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Node

justsystemseasy_postcard_maxMatch-

justsystemsichitaro_2021Match-

justsystemsichitaro_2022Match-

justsystemsichitaro_2023Match1.0.1.59372

justsystemsichitaro_government_10Match-

justsystemsichitaro_government_8Match-

justsystemsichitaro_government_9Match-

justsystemsichitaro_pro_3Match-

justsystemsichitaro_pro_4Match-

justsystemsichitaro_pro_5Match-

justsystemsjust_government_3Match-

justsystemsjust_government_4Match-

justsystemsjust_government_5Match-

justsystemsjust_office_3Match-

justsystemsjust_office_4Match-

justsystemsjust_office_5Match-

justsystemsjust_police_3Match-

justsystemsjust_police_4Match-

justsystemsjust_police_5Match-

VendorProductVersionCPE
justsystemseasy_postcard_max-cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
justsystemsichitaro_2021-cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
justsystemsichitaro_2022-cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
justsystemsichitaro_20231.0.1.59372cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
justsystemsichitaro_government_10-cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
justsystemsichitaro_government_8-cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
justsystemsichitaro_government_9-cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_3-cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_4-cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
justsystemsichitaro_pro_5-cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
justsystems	easy_postcard_max	-	cpe:2.3:a:justsystems:easy_postcard_max:-:::::::*
justsystems	ichitaro_2021	-	cpe:2.3:a:justsystems:ichitaro_2021:-:::::::*
justsystems	ichitaro_2022	-	cpe:2.3:a:justsystems:ichitaro_2022:-:::::::*
justsystems	ichitaro_2023	1.0.1.59372	cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:::::::*
justsystems	ichitaro_government_10	-	cpe:2.3:a:justsystems:ichitaro_government_10:-:::::::*
justsystems	ichitaro_government_8	-	cpe:2.3:a:justsystems:ichitaro_government_8:-:::::::*
justsystems	ichitaro_government_9	-	cpe:2.3:a:justsystems:ichitaro_government_9:-:::::::*
justsystems	ichitaro_pro_3	-	cpe:2.3:a:justsystems:ichitaro_pro_3:-:::::::*
justsystems	ichitaro_pro_4	-	cpe:2.3:a:justsystems:ichitaro_pro_4:-:::::::*
justsystems	ichitaro_pro_5	-	cpe:2.3:a:justsystems:ichitaro_pro_5:-:::::::*