PT-2021-9626 · Softmaker · Softmaker Office Textmaker

Published

2021-02-10

Updated

2022-06-07

CVE-2020-13546

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoftMaker Office TextMaker version 2021 (revision 1014)

Description A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this issue.

Recommendations For SoftMaker Office TextMaker version 2021 (revision 1014), consider avoiding the use of documents from untrusted sources until a patch is available. As a temporary workaround, restrict the ability to open documents that may trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-131CWE-787

Related Identifiers

CVE-2020-13546

Affected Products

Softmaker Office Textmaker

PT-2021-9626 · Softmaker · Softmaker Office Textmaker

CVE-2020-13546

Weakness Enumeration

Related Identifiers

Affected Products

References · 6