CVE-2020-13545

Summary

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aSoftmakerSoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014)affected

Weaknesses

  • CWE-196: CWE-196: Unsigned to Signed Conversion Error

ADP Enrichment

CVE Program Container

Additional References

References