Access of Uninitialized Pointer Vulnerability in V-SFT by Fujielectric
CVE-2022-29925

7.8HIGH

Key Information:

Vendor: Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd.
Status: V-sft
Vendor: CVE Published:; 14 June 2022

🔔 Create Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. Vulnerability Alert

What is CVE-2022-29925?

An access of uninitialized pointer vulnerability exists in the simulator module of the graphic editor V-SFT developed by Fujielectric. This vulnerability can be exploited when a user opens a specially crafted image file, potentially allowing attackers to gain unauthorized access to sensitive information or execute arbitrary code on the affected system. This issue affects all versions prior to v6.1.6.0, and as such, it is crucial for users to update to the latest version to mitigate risks.

Affected Version(s)

V-SFT versions prior to v6.1.6.0

References

https://monitouch.fujielectric.com/site/download-e/09vsft...

x_refsource_MISC

https://jvn.jp/en/vu/JVNVU99188133/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 12, 2022