The vulnerability could be exploited if an user were to open a specially crafted image file using the Fuji Electric D300win application. The update resolves this issue by updating to version 3.7.1.18 or later. An attacker could exploit this issue to access potentially sensitive data by persuading a user to open a specially crafted image file. Fuji Electric D300win prior to version 3.7.1.18 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. The vulnerability could be exploited if an user were to open a specially crafted image file using the Fuji Electric D300win application. The update resolves this issue by updating to version 3.7.1.18 or later. An attacker could exploit this issue to access potentially sensitive data by persuading a user to open a specially crafted image file. Fujitsu Evernus prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory. The vulnerability could be exploited if an user were to open a specially crafted image file using the Fujitsu Evernus application. The update resolves this issue by updating to version 3.7.1.18 or later. An attacker could exploit this issue to access potentially sensitive data by persuading a user to open a specially crafted image file. Google Chrome prior to version 68.0.3440.75 is

References ^

CVE-2022-1738 - Fujitsu Evernus, Fuji Electric D300win, Google Chrome

Product Description

The vulnerability could be exploited if an user were to open a specially crafted image file using the Google Chrome application. The update resolves this issue by updating to version 68.0.3440.75 or later. An attacker could exploit this issue to access potentially sensitive data by persuading a user to open a specially crafted image file.

Credit: https://www.google.com/webmasters/tools/

A vulnerability was discovered that could allow an attacker to leak sensitive data from the process memory of Google Chrome when a specially crafted image is opened in the browser via SVG or Canvas APIs, which are used by extensions such as Adobe Acrobat. The update resolves this issue by updating to version 68.0.3440.75 or later. An attacker could exploit this issue to access potentially sensitive data by persuading a user to open a specially crafted image file using the Chrome browser. Fujitsu Evernus prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory when a specially crafted image is opened in the application via SVG or Canvas APIs, which are used by extensions such as Adobe Acrobat, and other applications that use these APIs for drawing operations, such as Microsoft Excel and Microsoft PowerPoint 2007 through 2013 versions with service pack 2 applied (available for download at https://support.microsoft.com/en-us/help/2707304). The vulnerability could be exploited if an user were to open a specially crafted image file using the Fujitsu Evernus application, and another application that uses these APIs for drawing operations was also installed on the same system as the targeted Evernus instance without any additional protections configured in place on it (such as disabling all scripting capabilities on a web page). The

Timeline

Published on: 10/19/2022 18:15:00 UTC
Last modified on: 10/21/2022 13:29:00 UTC

References