Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 844067 (CVE-2021-40399) - app-office/wps-office: code execution in spreadsheets
Summary: app-office/wps-office: code execution in spreadsheets
Status: CONFIRMED
Alias: CVE-2021-40399
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://talosintelligence.com/vulnera...
Whiteboard: ~2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-13 17:19 UTC by John Helmert III
Modified: 2024-04-21 22:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-13 17:19:29 UTC 
CVE-2021-40399 (https://security.wps.cn/notices/28):

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Advisory seems to be in Chinese, so not sure about fixed versions.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-15 18:39:23 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab72d48cebe15dc25e159fd94888fae818dc08b5

commit ab72d48cebe15dc25e159fd94888fae818dc08b5
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-05-15 18:38:33 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-05-15 18:38:33 +0000

    app-office/wps-office: add 11.1.0.10976
    
    Bug: https://bugs.gentoo.org/844067
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 app-office/wps-office/Manifest                     |  1 +
 .../wps-office/wps-office-11.1.0.10976.ebuild      | 94 ++++++++++++++++++++++
 2 files changed, 95 insertions(+)
Comment 2 Pacho Ramos gentoo-dev 2022-05-15 18:46:50 UTC 
I am unsure if that version contains the fixes for this... but it is the latest available for now
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-16 17:15:45 UTC 
(In reply to Pacho Ramos from comment #2)
> I am unsure if that version contains the fixes for this... but it is the
> latest available for now

I've asked their CNA contact email about fixed versions. The advisory is in Chinese, and it's an image, so it can't be pasted into a translator.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-11 15:29:59 UTC 
"I asked a Chinese speaker in our organization and they said the advisory says the following:

WPS Office 2019 International Version, Windows, Up to 11.2.0. 11074 (Not inclusive)
WPS Office 2019 Individual Version, Windows, Up to 11.1.0 11691 (Not inclusive)
WPS Office 2019 Enterprise Version, Windows, Up to 11.8.2 11542 (Not inclusive)"

So, it would seem that only Windows is affected, but I'm not sure I really trust that. Not only that, but the latest version available at the time of the advisory is less than the fixed version according to the advisory?
Comment 5 Pacho Ramos gentoo-dev 2022-06-11 17:43:59 UTC 
I think versions are different because linux and windows versions are not synced. Personally I would opt for trusting it 

I am also going to bump to a newer version, but I couldn't find any reference to this in its changelog
https://www.wps.com/whatsnew/linux/
Comment 6 Christopher Fore 2024-04-21 22:11:08 UTC 
Bumping down to ~ as there was never a stable version in tree.