CVE-2020-13579

Name of the Vulnerable Software and Affected Versions SoftMaker Office 2021’s PlanMaker application (affected versions not specified)

Description An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality. A specially crafted document can cause the document parser to perform arithmetic that may overflow, resulting in an undersized heap allocation. Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur, which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.