5 matches found
CVE-2022-36344
CVE-2022-36344 describes an unquoted search path vulnerability in JustSystems JUST Online Update for J-License, bundled with various corporate products (Ichitaro through Pro5 and others). The root cause is an unquoted file path used to start a secondary program from the Windows service, enabling ...
CVE-2023-34366
CVE-2023-34366 affects Ichitaro 2023 Word Processor (JustSystems). Cisco Talos documents a use-after-free in the Figure stream parsing for the DocumentViewStyles/DocumentEditStyles streams, leading to memory corruption and potential arbitrary code execution when a malicious file is opened. Techni...
CVE-2023-35126
CVE-2023-35126 affects JustSystems Ichitaro 2023 where the vulnerability resides in the parsing of the DocumentViewStyles and DocumentEditStyles streams (record type 0x2008). The root cause is an out-of-bounds index into a 6-element lv_objects array used during readStyleType(2008), which enables ...
CVE-2023-38127
CVE-2023-38127 : An integer overflow in Ichitaro 2023 (version 1.0.1.59372) HyperLinkFrame stream parsing can cause an under-sized allocation, enabling memory corruption and potential arbitrary code execution via a crafted document. The vulnerability is exposed during parsing of the DocumentViewS...
CVE-2023-38128
CVE-2023-38128 : In Ichitaro 2023 (version 1.0.1.59372), a vulnerability exists in the HyperLinkFrame stream parser that allows an out-of-bounds write, causing a type confusion, memory corruption, and potential arbitrary code execution. Cisco Talos details a chain where an input document’s 0x2008...