CVE-2023-38128
19.10.2023, 18:15
An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Vendor | Product | Version |
---|---|---|
justsystems | easy_postcard_max | - |
justsystems | ichitaro_2021 | - |
justsystems | ichitaro_2022 | - |
justsystems | ichitaro_2023 | 1.0.1.59372 |
justsystems | ichitaro_government_10 | - |
justsystems | ichitaro_government_8 | - |
justsystems | ichitaro_government_9 | - |
justsystems | ichitaro_pro_3 | - |
justsystems | ichitaro_pro_4 | - |
justsystems | ichitaro_pro_5 | - |
justsystems | just_government_3 | - |
justsystems | just_government_4 | - |
justsystems | just_government_5 | - |
justsystems | just_office_3 | - |
justsystems | just_office_4 | - |
justsystems | just_office_5 | - |
justsystems | just_police_3 | - |
justsystems | just_police_4 | - |
justsystems | just_police_5 | - |
Common Weakness Enumeration
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion'): The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
- CWE-787 - Out-of-bounds Write: The software writes data past the end, or before the beginning, of the intended buffer.