|
[Japanese]
|
JVNDB-2022-001929
|
Multiple vulnerabilities in Fuji Electric V-SFT
|
|
Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" provided by FUJI ELECTRIC CO., LTD.
* Out-of-bounds Write (CWE-787) - CVE-2022-30538
* Out-of-bounds Read (CWE-125) - CVE-2022-30546
* Heap-based Buffer Overflow (CWE-122) - CVE-2022-26302
* Use After Free (CWE-416) - CVE-2022-29522
* Access of Uninitialized Pointer (CWE-824) - CVE-2022-29522
Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Fuji Electric Co., Ltd.
- V-SFT versions prior to v6.1.6.0
|
|
|
Exploiting these vulnerabilities by opening a specially crafted image file may result in the following impacts.
* Information disclosure
* Arbitrary code execution
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer released v6.1.6.0 which contains fixes for these vulnerabilities.
Refer to "Improvement information 2240H36" provided by the developer for more information.
|
|
Fuji Electric Co., Ltd.
|
|
- Heap-based Buffer Overflow(CWE-122) [Other]
- Out-of-bounds Read(CWE-125) [Other]
- Use After Free(CWE-416) [Other]
- Out-of-bounds Write(CWE-787) [Other]
- Access of Uninitialized Pointer(CWE-824) [Other]
|
|
- CVE-2022-30538
- CVE-2022-30546
- CVE-2022-26302
- CVE-2022-29522
- CVE-2022-29925
|
|
- JVN : JVNVU#99188133
|
|
- [2022/05/27]
Web page was published
|
