Vulnerabilities > CVE-2023-34366 - Use After Free vulnerability in Justsystems products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

justsystems

CWE-416

NVD

Published: 2023-10-19

Updated: 2023-10-25

Summary

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Justsystems Justsystems Ichitaro Government 8 - Justsystems Ichitaro PRO 3 - Justsystems Ichitaro 2022 - Justsystems Ichitaro 2021 - Justsystems Easy Postcard MAX - Justsystems Just Office 5 - Justsystems Just Office 4 - Justsystems Just Office 3 - Justsystems Just Government 5 - Justsystems Just Government 4 - Justsystems Just Government 3 - Justsystems Just Police 5 - Justsystems Just Police 4 - Justsystems Just Police 3 - Justsystems Ichitaro PRO 5 - Justsystems Ichitaro PRO 4 - Justsystems Ichitaro Government 10 - Justsystems Ichitaro Government 9 - Justsystems Ichitaro 2023 1.0.1.59372	19

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References