Published: 2023/04/04  Last Updated: 2023/04/04

JVN#79149117
Multiple vulnerabilities in JustSystems products

Overview

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities.

Products Affected

  • Ichitaro series
  • Hanako series
  • Rakuraku Hagaki series
  • Label Mighty series
  • JUST Office series
  • JUST Government series
  • JUST Police series
  • Homepage Builder 21
A wide range of products is affected. For the details, refer to the information provided by the developer.

Description

Multiple products provided by JustSystems Corporation contain the vulnerabilities listed below.

  • Use After Free (CWE-416) - CVE-2022-43664
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
  • Heap-based Buffer Overflow (CWE-122) - CVE-2022-45115
    CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.8
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
  • Free of Memory not on the Heap (CWE-590) - CVE-2023-22291
    CVSS v3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.0
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1
  • Heap-based Buffer Overflow (CWE-122) - CVE-2023-22660
    CVSS v3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.0
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1

Impact

Processing a specially crafted file may cause a buffer overflow and/or denial-of-service (DoS) condition.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
For more information, refer to the information provided by the developer.

Vendor Status

Vendor: JustSystems Corporation
Link: For Safe Use of JustSystems Products (Text in Japanese)

Credit

Cisco Talos Security Intelligence & Research Group reported these vulnerabilities to JustSystems Corporation and coordinated. JustSystems Corporation and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.

Other Information

CVE: CVE-2022-43664, CVE-2022-45115, CVE-2023-22291, CVE-2023-22660
JVN iPedia: JVNDB-2023-000031