First published: Sun Sep 13 2020(Updated: )
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kingsoft Wps Office | <11.2.0.9403 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-25291.
The severity of CVE-2020-25291 is high, with a severity value of 7.8.
Kingsoft WPS Office versions up to 11.2.0.9403 are affected by CVE-2020-25291.
CVE-2020-25291 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document.
There is no specific fix mentioned in the provided information. It is recommended to update to the latest version of Kingsoft WPS Office to mitigate the vulnerability.