Out-of-Bounds Write Vulnerability in V-Server and V-Server Lite from Fujifilm
CVE-2022-29524

7.8HIGH

Key Information:

Vendor

Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd.

Status
V-server And V-server Lite
Vendor
CVE Published:
14 June 2022

What is CVE-2022-29524?

An out-of-bounds write vulnerability has been identified in Fujifilm's V-Server and V-Server Lite products. This vulnerability arises when a specially crafted image file is opened by a user, potentially allowing an attacker to execute arbitrary code or gain unauthorized information. The affected versions include V-Server v4.0.11.0 and earlier, as well as V-Server Lite v4.0.13.0 and earlier. Proper security measures should be implemented to mitigate the risk associated with this vulnerability.

Affected Version(s)

V-Server and V-Server Lite V-Server v4.0.11.0 and earlier, and V-Server Lite v4.0.13.0 and earlier

References

https://monitouch.fujielectric.com/site/download-e/09vsft...
x_refsource_MISC
https://monitouch.fujielectric.com/site/download-eu/03tel...
x_refsource_MISC
https://jvn.jp/en/vu/JVNVU93134398/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.