Vulnerability Details CVE-2020-25291
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2020-25291
-
cpe:2.3:a:kingsoft:wps_office:-
-
cpe:2.3:a:kingsoft:wps_office:10.8.0.5745
-
cpe:2.3:a:kingsoft:wps_office:10.8.0.6186
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8668
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8684
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8893
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8934
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8942
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8970
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.8991
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9031
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9052
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9070
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9107
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9127
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9144
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9169
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9232
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9255
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9281
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9327
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9363
-
cpe:2.3:a:kingsoft:wps_office:11.2.0.9396