CVE-2018-3983
HIGHAtlantis Word Processor - Use-After-Free in Word Document Parser
Title source: llmDescription
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651
Scores
CVSS v3
7.8
EPSS
0.0146
EPSS Percentile
70.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-824
Status
published
Products (2)
atlantiswordprocessor/atlantis_word_processor
3.0.2.3
atlantiswordprocessor/atlantis_word_processor
3.0.2.5
Published
Oct 31, 2019
Tracked Since
Feb 18, 2026