CVE-2022-43664

2023-04-0516:15:07

CWE-416

[email protected]

web.nvd.nist.gov

cve-2022-43664

ichitaro word processor

use-after-free vulnerability

memory corruption

arbitrary code execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

49.8%

JSON

A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

ichitaroichitaroRange≤2022 1.0.1.57600

VendorProductVersionCPE
ichitaroichitaro*cpe:2.3:a:ichitaro:ichitaro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ichitaro	ichitaro	*	cpe:2.3:a:ichitaro:ichitaro::::::::

CNA Affected

[
  {
    "vendor": "Ichitaro",
    "product": "Ichitaro",
    "versions": [
      {
        "version": "2022 1.0.1.57600",
        "status": "affected"
      }
    ]
  }
]