A vulnerability was found in Foxit Studio Photo 3.6.6.916 and classified as problematic. Affected by this issue is an unknown code of the component EPS File Handler. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality. CVE summarizes:

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9880.

The weakness was presented 03/20/2020. This vulnerability is handled as CVE-2020-8883 since 02/11/2020. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

See 151987, 151986, 151985 and 151984 for similar entries.

Productinfo

Vendor

• Foxit

Name

• Studio Photo

Version

• 3.6.6.916

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion