Remote Code Execution Vulnerability in Foxit Studio Photo by Foxit Software
CVE-2021-31436
7.8HIGH
Summary
This vulnerability in Foxit Studio Photo 3.6.6.931 exposes installations to remote code execution through maliciously crafted SGI files. Exploitation requires user interaction, as victims must open a harmful file or visit a malicious website. The core issue arises from improper validation of user-supplied data length, leading to a buffer overflow in a heap-based buffer. By exploiting this flaw, an attacker can execute arbitrary code within the context of the affected application.
Affected Version(s)
Studio Photo 3.6.6.931
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anonymous