CVE-2023-35126
19.10.2023, 17:15
An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| justsystems | easy_postcard_max | - |
| justsystems | ichitaro_2021 | - |
| justsystems | ichitaro_2022 | - |
| justsystems | ichitaro_2023 | 1.0.1.59372 |
| justsystems | ichitaro_government_10 | - |
| justsystems | ichitaro_government_8 | - |
| justsystems | ichitaro_government_9 | - |
| justsystems | ichitaro_pro_3 | - |
| justsystems | ichitaro_pro_4 | - |
| justsystems | ichitaro_pro_5 | - |
| justsystems | just_government_3 | - |
| justsystems | just_government_4 | - |
| justsystems | just_government_5 | - |
| justsystems | just_office_3 | - |
| justsystems | just_office_4 | - |
| justsystems | just_office_5 | - |
| justsystems | just_police_3 | - |
| justsystems | just_police_4 | - |
| justsystems | just_police_5 | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-129 - Improper Validation of Array IndexThe product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References