Vulnerabilities > CVE-2020-25291 - Out-of-bounds Write vulnerability in Kingsoft WPS Office

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

kingsoft

CWE-787

NVD

Published: 2020-09-13

Updated: 2020-09-17

Summary

GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

Vulnerable Configurations

Part	Description	Count
Application	Kingsoft Kingsoft WPS Office -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://zeifan.my/security/rce/heap/2020/09/03/wps-rce-heap.html