PT-2020-16068 · Kingsoft+1 · Kingsoft Wps Office+1

Published: 2020-09-13 · Updated: 2020-10-05 · CVE-2020-25291

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Kingsoft WPS Office versions prior to 11.2.0.9403

Description

The issue allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. It is related to the QBrush::setMatrix function in gui/painting/qbrush.cpp in Qt 4.x. The GdiDrawHoriLineIAlt function is also involved.

Recommendations

Update Kingsoft WPS Office to version 11.2.0.9403 or later to resolve the issue. As a temporary workaround until the update is applied, consider avoiding the use of Word documents that contain crafted PNG data.
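To support the workaround while unpatched hosts remain, the following added example (not part of the advisory or of any vendor tooling) lists the PNG images embedded in a `.docx` file and reports PLTE chunks that violate the PNG specification. It is a conformance check, not a signature for CVE-2020-25291, because the advisory does not say how the chunk is crafted. It assumes the OOXML zip container; the function names and the sample document are constructed for illustration.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC-32 over type+data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def check_plte(png: bytes) -> list:
    """Return PNG-spec violations around PLTE; an empty list means none found."""
    if not png.startswith(PNG_SIG):
        return ["missing PNG signature"]
    issues, pos, depth, colour = [], 8, None, None
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(png):
            issues.append("chunk length runs past end of data")
            break
        data = png[pos + 8:end]
        if struct.unpack(">I", png[end:end + 4])[0] != zlib.crc32(ctype + data):
            issues.append(ctype.decode("latin-1") + ": CRC mismatch")
        if ctype == b"IHDR" and length == 13:
            depth, colour = data[8], data[9]  # bit depth, colour type
        elif ctype == b"PLTE":
            if length % 3 or not 3 <= length <= 768:
                issues.append(f"PLTE length {length} is not 1..256 RGB triples")
            # Indexed images (colour type 3) may not define more entries than 2^depth.
            if colour == 3 and depth in (1, 2, 4, 8) and length // 3 > 2 ** depth:
                issues.append(f"PLTE has {length // 3} entries, bit depth {depth} allows {2 ** depth}")
        elif ctype == b"IEND":
            break
        pos = end + 4
    return issues

def scan_docx(blob: bytes) -> dict:
    """Map each embedded PNG in an OOXML (.docx) container to its findings."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        return {n: check_plte(z.read(n)) for n in z.namelist() if n.lower().endswith(".png")}

def sample_docx() -> bytes:
    """Constructed input: one conformant PNG and one with an oversized palette."""
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 1, 3, 0, 0, 0))  # 1-bit indexed
    tail = chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/media/ok.png", PNG_SIG + ihdr + chunk(b"PLTE", bytes(6)) + tail)
        z.writestr("word/media/odd.png", PNG_SIG + ihdr + chunk(b"PLTE", bytes(48)) + tail)
    return buf.getvalue()
```

A non-empty finding is a reason to quarantine the document for review; an empty one does not show the file is safe to open in an affected version.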

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2020-25291

Affected Products

Kingsoft Wps Office
Qt