Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

An out‑of‑bounds read occurs in the get_macro_mem_COM function of V‑SFT, enabling a crafted V7 file to cause the program to read data beyond the intended buffer. This flaw, identified as CWE‑125, can expose sensitive information from memory, resulting in potential information disclosure that threatens confidentiality.

Affected Systems

The affected product is Fujitsu Electric Co., Ltd. and Hakko Electronics Co., Ltd. V‑SFT software version 6.2.10.0 and all earlier releases. Any local or network installation of these versions that processes V7 files is vulnerable.

Risk and Exploitability

With a CVSS score of 8.4 the severity is high, but the EPSS score of less than 1 % indicates a low current exploitation probability and it is not listed in CISA’s KEV catalog. The likely attack vector is the local user or remote attacker who forces the application to open a malicious V7 file; if the application accepts files from external sources, a remote exploitation path exists. No public exploit is available, so ongoing monitoring of vendor advisories is recommended.

Generated by OpenCVE AI on April 7, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the approved patch or upgrade V‑SFT to a version greater than 6.2.10.0 if available.
  • If no patch exists, avoid opening or processing untrusted V7 files.
  • Monitor vendor advisories for updates or workarounds.

Generated by OpenCVE AI on April 7, 2026 at 21:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in V‑SFT May Cause Information Disclosure

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in V‑SFT May Cause Information Disclosure
First Time appeared Fujielectric
Fujielectric v-sft
Vendors & Products Fujielectric
Fujielectric v-sft

Thu, 02 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fujielectric V-sft
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-02T13:32:36.370Z

Reserved: 2026-03-16T23:27:50.173Z

Link: CVE-2026-32929

cve-icon Vulnrichment

Updated: 2026-04-02T13:26:49.958Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T23:17:03.427

Modified: 2026-04-07T18:33:19.140

Link: CVE-2026-32929

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:56:39Z

Weaknesses