CVE-2020-13579
Last modified
CVE-2020-13579 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. EPSS estimates a 72.56% chance of exploitation in the next 30 days.
Description
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Softmaker | Planmaker 2021 | 1014 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1190Exploit, Technical Description, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1190Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-13579?
How severe is CVE-2020-13579?
How do I fix CVE-2020-13579?
Are you affected by CVE-2020-13579?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST