CVE-2022-29506

moderate-risk
Published 2022-06-14

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

Do I need to act?

-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (3)

V-Sft

Affected Vendors

Fujielectric

References (6)

Third Party Advisory https://jvn.jp/en/vu/JVNVU93134398/index.html
Release Notes https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php
Release Notes https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php
Third Party Advisory https://jvn.jp/en/vu/JVNVU93134398/index.html
Release Notes https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php
Release Notes https://monitouch.fujielectric.com/site/download-eu/03tellus_inf/index.php
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 9/34 · Low