Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in Foxit Studio Photo



Published: 2020-03-17 | Updated: 2020-03-19
Severity High
Patch available YES
Number of vulnerabilities 9
CVE ID CVE-2020-8877
CVE-2020-8878
CVE-2020-8879
CVE-2020-8880
CVE-2020-8881
CVE-2020-8882
CVE-2020-8883
CVE-2020-8869
CVE-2020-8870
CWE ID CWE-125
CWE-787
CWE-416
CWE-824
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit Studio Photo
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Advisory

Updated 19.03.2020
Added vulnerabilities #8-9, added fixed version.

1) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8877

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling PSD files. A remote attacker can trick a victim to open a specially crafted PSD file or visit a malicious page, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-300/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8878

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling PSD files. A remote attacker can trick a victim to open a specially crafted PSD file or visit a malicious page, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-301/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8879

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling PSD files. A remote attacker can trick a victim to open a specially crafted PSD file or visit a malicious page, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-302/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8880

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling TIFF files. A remote attacker can trick a victim to open a specially crafted TIFF file or visit a malicious page, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-303/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8881

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing TIFF files. A remote attacker can trick a victim to open a specially crafted TIFF file or visit a malicious page and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-304/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Access of Uninitialized Pointer

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8882

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to access of uninitialized pointer when parsing the PSD files. A remote attacker can trick a victim to open a specially crafted PSD file or visit a malicious page and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-305/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8883

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling the EPS files. A remote attacker trick the victim to open a specially crafted EPS file or visit a malicious page, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-306/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8869

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling TIFF files. A remote attacker can trick a victim to open a specially crafted TIFF file or visit a malicious page, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-311/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8870

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling TIFF files from the "GetTIFPalette" method. A remote attacker can trick a victim to open a specially crafted TIFF file or visit a malicious page, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit Studio Photo: -, 3.6.6.918

CPE External links

https://www.zerodayinitiative.com/advisories/ZDI-20-312/
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.