CVE-2023-38128

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:12

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-19 18:15

Updated : 2024-11-21 08:12


NVD link : CVE-2023-38128

Mitre link : CVE-2023-38128

CVE.ORG link : CVE-2023-38128


JSON object : View

Products Affected

justsystems

  • ichitaro_government_9
  • ichitaro_2023
  • easy_postcard_max
  • ichitaro_pro_4
  • just_police_4
  • just_police_3
  • just_government_5
  • just_government_4
  • just_office_4
  • ichitaro_government_10
  • ichitaro_2021
  • just_office_3
  • just_office_5
  • ichitaro_pro_3
  • ichitaro_2022
  • ichitaro_pro_5
  • just_government_3
  • just_police_5
  • ichitaro_government_8
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-787

Out-of-bounds Write