CVE-2023-34366

2023-10-1917:00:43

CWE-416

talos

www.cve.org

use-after-free

figure stream parsing

memory corruption

arbitrary code execution

malicious file

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.0%

JSON

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Ichitaro 2023",
    "product": "Ichitaro 2023",
    "versions": [
      {
        "version": "1.0.1.59372",
        "status": "affected"
      }
    ]
  }
]