SB2021042003 - Multiple vulnerabilities in Foxit Studio Photo
Published: April 20, 2021 Updated: April 27, 2021
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Use of Uninitialized Variable (CVE-ID: CVE-2021-31435)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an uninitialized variable within the parsing of CMP files. A remote attacker can trick the victim into opening a specially crafted CMP file and execute arbitrary code on the system.
2) Out-of-bounds write (CVE-ID: CVE-2021-31433)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ARW file's parser. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Out-of-bounds write (CVE-ID: CVE-2021-31434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JPM file's parser. A remote attacker can trick the victim into opening a specially crafted JPM file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Out-of-bounds write (CVE-ID: CVE-2021-31437)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JP2 file's parser. A remote attacker can create a specially crafted JP2 file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2021-31436)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of SGI files. A remote attacker can create a specially crafted SGI file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2021-31438)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the handling of PSP files. A remote unauthenticated attacker can create a specially crafted PS file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
- https://www.zerodayinitiative.com/advisories/ZDI-21-478/
- https://www.zerodayinitiative.com/advisories/ZDI-21-476/
- https://www.zerodayinitiative.com/advisories/ZDI-21-477/
- https://www.zerodayinitiative.com/advisories/ZDI-21-480/
- https://www.zerodayinitiative.com/advisories/ZDI-21-479/
- https://www.zerodayinitiative.com/advisories/ZDI-21-481/