Remote Information Disclosure Vulnerability in Foxit Studio Photo
CVE-2020-17435
3.3LOW
What is CVE-2020-17435?
A vulnerability in Foxit Studio Photo 3.6.6.922 enables remote attackers to disclose sensitive information. The flaw arises during the parsing of CR2 files due to insufficient validation of user-supplied data. To exploit this issue, an attacker requires user interaction, as the victim must either visit a malicious webpage or open a compromised file. This lack of validation may lead to a memory read beyond allocated boundaries, potentially allowing attackers to combine this vulnerability with other exploits to execute code within the context of the current process.
Affected Version(s)
Studio Photo 3.6.6.922