Multiple vulnerabilities in Foxit Studio Photo



Published: 2021-04-20 | Updated: 2021-04-27
Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2021-31435, CVE-2021-31433, CVE-2021-31434, CVE-2021-31437, CVE-2021-31436, CVE-2021-31438
CWE-ID: CWE-457, CWE-787, CWE-122, CWE-121
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Foxit Studio Photo (Client/Desktop applications / Office applications)
Vendor: Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

Updated: 27.04.2021

Updated information for vulnerabilities #1-6 based on data revealed by ZDI, added CVE-IDs and links to ZDI.

1) Use of Uninitialized Variable

EUVDB-ID: #VU52355

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31435

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an uninitialized variable within the parsing of CMP files. A remote attacker can trick the victim into opening a specially crafted CMP file and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-478/


2) Out-of-bounds write

EUVDB-ID: #VU52356

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31433

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the ARW file parser. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-476/


3) Out-of-bounds write

EUVDB-ID: #VU52357

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31434

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the JPM file parser. A remote attacker can trick the victim into opening a specially crafted JPM file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-477/


4) Out-of-bounds write

EUVDB-ID: #VU52358

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31437

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the JP2 file parser. A remote attacker can create a specially crafted JP2 file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-480/


5) Heap-based buffer overflow

EUVDB-ID: #VU52359

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31436

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of SGI files. A remote attacker can create a specially crafted SGI file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-479/


6) Stack-based buffer overflow

EUVDB-ID: #VU52360

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31438

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of PSP files. A remote unauthenticated attacker can create a specially crafted PSP file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Foxit Studio Photo: 3.6.6.918 - 3.6.6.933


External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+update+available+in+Foxit+Studio+Photo+3.6.6.9342021-04-20+00%3A00%3A00
http://www.zerodayinitiative.com/advisories/ZDI-21-481/
