JVNDB-2022-001929

Multiple vulnerabilities in Fuji Electric V-SFT

Multiple vulnerabilities listed below exist in the simulator module contained in the graphic editor "V-SFT" provided by FUJI ELECTRIC CO., LTD.

* Out-of-bounds Write (CWE-787) - CVE-2022-30538
* Out-of-bounds Read (CWE-125) - CVE-2022-30546
* Heap-based Buffer Overflow (CWE-122) - CVE-2022-26302
* Use After Free (CWE-416) - CVE-2022-29522
* Access of Uninitialized Pointer (CWE-824) - CVE-2022-29522

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Fuji Electric Co., Ltd.

• V-SFT versions prior to v6.1.6.0

Exploiting these vulnerabilities by opening a specially crafted image file may result in the following impacts.

* Information disclosure
* Arbitrary code execution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer released v6.1.6.0 which contains fixes for these vulnerabilities.
Refer to "Improvement information 2240H36" provided by the developer for more information.

Fuji Electric Co., Ltd.

• Fuji Electric : Improvement information 2240H36

1. Heap-based Buffer Overflow(CWE-122) [Other]
2. Out-of-bounds Read(CWE-125) [Other]
3. Use After Free(CWE-416) [Other]
4. Out-of-bounds Write(CWE-787) [Other]
5. Access of Uninitialized Pointer(CWE-824) [Other]

1. CVE-2022-30538
2. CVE-2022-30546
3. CVE-2022-26302
4. CVE-2022-29522
5. CVE-2022-29925

1. JVN : JVNVU#99188133
2. National Vulnerability Database (NVD) : CVE-2022-30538
3. National Vulnerability Database (NVD) : CVE-2022-30546
4. National Vulnerability Database (NVD) : CVE-2022-26302
5. National Vulnerability Database (NVD) : CVE-2022-29522
6. National Vulnerability Database (NVD) : CVE-2022-29925

• [2022/05/27]
    Web page was published
• [2024/06/18]
    CVSS Severity was modified
    References : Contents were added