CVE-2023-34366

Published: Oct 19, 2023Modified: Nov 4, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability.

Affected (19)

Products: Justsystems: Easy Postcard Max, Ichitaro 2021, Ichitaro 2022, Ichitaro 2023, Ichitaro Government 10, Ichitaro Government 8, Ichitaro Government 9, Ichitaro Pro 3, Ichitaro Pro 4, Ichitaro Pro 5, Just Government 3, Just Government 4, Just Government 5, Just Office 3, Just Office 4, Just Office 5, Just Police 3, Just Police 4, Just Police 5

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Justsystems Easy Postcard Max	All versions
Justsystems Ichitaro 2021	All versions
Justsystems Ichitaro 2022	All versions
Justsystems Ichitaro 2023	Version 1.0.1.59372
Justsystems Ichitaro Government 10	All versions
Justsystems Ichitaro Government 8	All versions
Justsystems Ichitaro Government 9	All versions
Justsystems Ichitaro Pro 3	All versions
Justsystems Ichitaro Pro 4	All versions
Justsystems Ichitaro Pro 5	All versions
Justsystems Just Government 3	All versions
Justsystems Just Government 4	All versions
Justsystems Just Government 5	All versions
Justsystems Just Office 3	All versions
Justsystems Just Office 4	All versions
Justsystems Just Office 5	All versions
Justsystems Just Police 3	All versions
Justsystems Just Police 4	All versions
Justsystems Just Police 5	All versions