CVE-2020-13545
06.01.2021, 15:15
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
- CWE-196 - Unsigned to Signed Conversion ErrorThe software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.
- CWE-681 - Incorrect Conversion between Numeric TypesWhen converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.