PT-2020-14976 · Foxit · Foxit Studio Photo
Mat Powell
·
Published
2020-10-28
·
Updated
2021-02-11
·
CVE-2020-17425
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit Studio Photo version 3.6.6.922
Description
This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of EPS files due to the lack of proper validation of user-supplied data, resulting in a write past the end of an allocated structure. An attacker can leverage this to execute code in the context of the current process.
Recommendations
For Foxit Studio Photo version 3.6.6.922, consider disabling the EPS file parsing functionality until a patch is available to prevent exploitation. Restrict access to potentially malicious files or web pages to minimize the risk of remote code execution.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Studio Photo