CVE-2020-13545

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-01-2021 04:15

Last modified: - 07-06-2022 08:37

Total changes: - 7

Description

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

vendor=softmaker AND product=softmaker_office AND version=2021

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162

Keywords

CVE-2020-13545

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-13545

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures