Remote Code Execution Vulnerability in Foxit Studio Photo by Foxit Software
CVE-2021-31436

7.8HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
29 April 2021

Summary

This vulnerability in Foxit Studio Photo 3.6.6.931 exposes installations to remote code execution through maliciously crafted SGI files. Exploitation requires user interaction, as victims must open a harmful file or visit a malicious website. The core issue arises from improper validation of user-supplied data length, leading to a buffer overflow in a heap-based buffer. By exploiting this flaw, an attacker can execute arbitrary code within the context of the affected application.

Affected Version(s)

Studio Photo 3.6.6.931

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anonymous
.