54 matches found
CVE-2019-17138
Foxit Studio Photo is affected by CVE-2019-17138 due to an out-of-bounds read during JPEG to EPS conversion. The issue stems from insufficient validation of user-supplied data, potentially allowing information disclosure and, in conjunction with other flaws, code execution in the target process. ...
CVE-2019-13323
CVE-2019-13323 affects Foxit Studio Photo 3.6.6.909. The flaw lies in TIF file handling, caused by insufficient validation of user-supplied data, leading to a write past the end of an allocated structure. This enables remote code execution in the context of the current process when a user visits ...
CVE-2020-8883
CVE-2020-8883 affects Foxit Studio Photo (notably version 3.6.6.916/918 and similar) and is caused by improper validation in EPS file handling, leading to a read past the end of an allocated structure during EPS parsing. This results in information disclosure via a path that requires user interac...
CVE-2019-13325
Foxit Studio Photo 3.6.6.909 is affected by CVE-2019-13325 due to an EPS file parsing flaw that can cause a read past the end of an allocated structure, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The issue is con...
CVE-2020-8878
Foxit Studio Photo 3.6.6.916 is affected by a PSD file handling vulnerability. The root cause is improper validation of user-supplied data, causing a write past the end of an allocated structure. This enables remote code execution in the context of the current process. Exploitation requires user ...
CVE-2019-13324
CVE-2019-13324 affects Foxit Studio Photo 3.6.6.909. The vulnerability is in the TIFF file handling that allows an out-of-bounds read due to improper validation of user-supplied data, enabling remote code execution in the attacker’s context. Exploitation requires user interaction (visiting a mali...
CVE-2020-8882
CVE-2020-8882 affects Foxit Studio Photo (notably version 3.6.6.916 and related builds such as 3.6.6.918 and earlier). The root cause is a failure to properly initialize a pointer before it is accessed while processing PSD files, enabling remote code execution. Successful exploitation requires us...
CVE-2020-8879
Foxit Studio Photo 3.6.6.916 is affected by CVE-2020-8879. The issue is a PSD file handling flaw that allows a read past the end of an allocated structure due to improper validation of user-supplied data. It requires user interaction (visit a malicious page or open a malicious file) and could be ...
CVE-2020-8880
Foxit Studio Photo 3.6.6.916 is affected by a TIF file parsing vulnerability. The flaw arises from improper validation during TIF data handling, causing a read past the end of an allocated structure and enabling remote code execution. Exploitation requires user interaction (the target opening a m...
CVE-2020-8881
CVE-2020-8881 affects Foxit Studio Photo 3.6.6.916 (and earlier, per CNVD citations) where the vulnerability exists in TIF file processing due to the program not validating the existence of an object before performing operations. This leads to remote code execution in the context of the current p...
CVE-2020-8877
CVE-2020-8877 affects Foxit Studio Photo: a PSD file handling flaw causes an out-of-bounds (read past the end) condition. Affected product: Foxit Studio Photo 3.6.6.916 (and, per CNVD, 3.6.6.918 and earlier versions). Root cause: improper validation of user-supplied PSD data lea...
CVE-2020-17404
Foxit Studio Photo 3.6.6.922 is affected by a PSD-file handling flaw that enables an out-of-bounds write, leading to remote code execution in the context of the process. Root cause: insufficient validation of data during PSD processing, which can write past the end of an allocated structure. Expl...
CVE-2019-6750
CVE-2019-6750 relates to Foxit Studio Photo 3.6.6 (and prior versions) with a flaw in the handling of EZI files. The issue is a write past the end of an allocated structure caused by insufficient validation of user-supplied data, enabling remote code execution in the context of the vulnerable pro...
CVE-2019-6746
Foxit Studio Photo 3.6.6 (and earlier) is affected by a TIF file handling flaw that can disclose sensitive information due to a read past the end of an allocated structure. The issue requires user interaction (visiting a malicious page or opening a malicious file) and, per the sources, could be l...
CVE-2019-6749
Foxit Studio Photo is affected by an EZIX file parsing vulnerability that enables remote code execution. The flaw (CVE-2019-6749) arises from improper validation of user-supplied data in EZIX file handling, causing a write past the end of an allocated structure. Impact: attackers can execute code...
CVE-2019-6747
Foxit Studio Photo 3.6.6 is affected by CVE-2019-6747 due to an out-of-bounds write in the EZI file handling, enabling remote code execution when a user opens a malicious file or visits a crafted page. Root cause is lack of proper validation of user-supplied data, writing past the end of an alloc...
CVE-2019-6751
CVE-2019-6751 affects Foxit Studio Photo 3.6.6.779 and earlier. The root cause is improper validation of user-supplied data in JPG handling, causing a write past the end of an allocated structure and enabling code execution in the current process when a user opens a malicious file or visits a cra...
CVE-2019-6748
Foxit Studio Photo 3.6.6 (and prior) is affected by CVE-2019-6748 due to an out-of-bounds write in the EZI file parser that can lead to remote code execution. The vulnerability requires user interaction (target must open a malicious page/file). Root cause: improper validation during EZI file hand...
CVE-2020-15630
Foxit Studio Photo 3.6.6.922 (and affected earlier versions) is affected by a PNG parsing vulnerability that leads to a read past the end of an allocated structure due to improper validation of user-supplied data. This out-of-bounds read can disclose sensitive information and, per the CVE, can be...
CVE-2020-17421
Foxit Studio Photo is vulnerable to remote code execution via NEF file parsing (CVE-2020-17421). The flaw is an out-of-bounds write due to improper validation in handling NEF data, allowing code execution in the context of the current process when a user visits a malicious page or opens a crafted fi...
CVE-2020-15629
Foxit Studio Photo 3.6.6.922 is affected by a TIF file parsing vulnerability described as a buffer overflow/out-of-bounds write. The issue arises from improper validation of user-supplied data in TIFF handling and can enable remote code execution in the context of the current process. Exploitatio...
CVE-2020-17424
Foxit Studio Photo 3.6.6.922 and earlier are affected by an EZI file parsing flaw that allows out-of-bounds write due to insufficient input validation. This can let remote attackers execute arbitrary code in the context of the vulnerable process. User interaction is required (visit a malicious pa...
CVE-2020-17426
CVE-2020-17426 affects Foxit Studio Photo 3.6.6.922 and earlier, where the vulnerability lies in handling CR2 files. The issue stems from insufficient validation of user-supplied data during CR2 file parsing, leading to a memory corruption condition. Exploitation requires user interaction (target...
CVE-2020-17431
The CVE-2020-17431 entry describes a remote code execution in Foxit Studio Photo (confirmed affected: Foxit Studio Photo 3.6.6.922 and earlier per CNVD/NVD entries; ZDI cites a CR2 file parsing flaw). The root cause is improper validation during CR2 file parsing, causing a write past the end of a...
CVE-2020-17435
CVE-2020-17435 affects Foxit Studio Photo (versions around 3.6.6.x). The vulnerability is a CR2 file parsing flaw that allows an information disclosure due to an out-of-bounds read caused by inadequate validation of user-supplied data. Exploitation requires user interaction (visiting a malicious ...
CVE-2020-8869
CVE-2020-8869 affects Foxit Studio Photo 3.6.6.916 (Windows). The flaw is in the handling of TIF files, caused by insufficient validation of the length of user-supplied data prior to copying it into a fixed-length stack-based buffer. This can enable an attacker to execute arbitrary code ...
CVE-2020-17403
CVE-2020-17403 affects Foxit Studio Photo (notably versions prior to 3.6.6.928, with references to 3.6.6.922 in some records). The issue is a PSD file handling vulnerability caused by insufficient validation, resulting in an out-of-bounds write that can execute code in the process contex...
CVE-2020-17419
CVE-2020-17419 affects Foxit Studio Photo 3.6.6.922 (CNVD notes 3.6.6.930 and earlier). The issue is an out-of-bounds write in NEF file parsing due to improper validation of user-supplied data, allowing remote code execution. Exploitation requires user interaction (visiting a m...
CVE-2020-17418
Foxit Studio Photo EZIX channel id out-of-bounds write vulnerability (CVE-2020-17418) affects Foxit Studio Photo 3.6.6.922 and earlier. The flaw occurs in EZIX file handling where a crafted id in a channel element triggers a write past the end of an allocated buffer, enabling arbitrary code execu...
CVE-2020-8870
The CVE-2020-8870 entry affects Foxit Studio Photo, specifically the GetTIFPalette TIF file handling path. The root cause is improper validation of user-supplied data in TIF palette processing, leading to a read past the end of an allocated structure. This allows remote code execution with the at...
CVE-2020-13813
The CVE-2020-13813 entry affects Foxit Studio Photo prior to 3.6.6.922. A local privilege escalation is possible via a crafted DLL placed in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is executed. Affected component: Foxit Studio Photo (Windows). Root cause: DLL loading ...
CVE-2020-17420
Foxit Studio Photo NEF handling in version 3.6.6.922 is affected by an out-of-bounds read due to insufficient input validation, leading to information disclosure. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, per the description, an attacker c...
CVE-2020-17429
Foxit Studio Photo information disclosure (CVE-2020-17429) affects Foxit Studio Photo 3.6.6.922 and earlier (variants in linked sources also reference 3.6.6.930 and older). The root cause is improper validation of user-supplied data within CMP file handling, leading to a read past the end of an a...
CVE-2020-27857
Foxit Studio Photo 3.6.6.922 is affected by CVE-2020-27857 due to an out-of-bounds write during NEF file parsing, allowing remote code execution when a user opens a malicious file or visits a crafted page. Root cause: improper validation of user-supplied data leading to a write past the end of an...
CVE-2020-13812
CVE-2020-13812 specifies a local privilege escalation in Foxit Studio Photo prior to 3.6.6.922 due to a crafted DLL placed in the current working directory, allowing a local user to gain higher privileges. The connected sources corroborate the affected product/version and the root cause (DLL in C...
CVE-2020-17430
Foxit Studio Photo is affected by CVE-2020-17430. The vulnerability resides in CR2 file parsing where improper validation can cause a write past the end of an allocated structure, enabling arbitrary code execution in the context of the current process after user interaction (e.g., visiting a malicious...
CVE-2020-17423
Foxit Studio Photo 3.6.6.922 is affected by a heap-based buffer overflow in ARW file parsing. The root cause is improper validation of the length of user-supplied data before copying to a heap buffer, enabling remote code execution when a user opens a malicious ARW file or visits a crafted page. ...
CVE-2020-17436
Foxit Studio Photo 3.6.6.922 is affected by a CMP file parsing vulnerability causing an out-of-bounds read in the target process. The issue arises from insufficient validation of user-supplied data and can be leveraged with other vulnerabilities to execute code in the context of the current proce...
CVE-2020-17427
Foxit Studio Photo 3.6.6.922 is affected by CVE-2020-17427, due to an out-of-bounds read in NEF file processing caused by insufficient validation of user-supplied data. The vulnerability allows remote code execution and requires user interaction (the target must visit a malicious page or open a m...
CVE-2020-17428
Foxit Studio Photo CMP file parsing vulnerability (CVE-2020-17428) allows information disclosure via a CMP data handling flaw that can read past the end of an allocated structure. Evidence from ZDI-20-1339 confirms an out-of-bounds read, enabling leakage when a user visits a malicious page or ope...
CVE-2020-27855
Foxit Studio Photo 3.6.6.922 is affected by CVE-2020-27855 due to an SR2 file parsing flaw. The root cause is improper validation of user-supplied data, causing a read past the end of an allocated structure. This information-disclosure/possible code-execution vector requires user interaction (tar...
CVE-2020-13811
CVE-2020-13811 affects Foxit Studio Photo prior to version 3.6.6.922. The issue is an out-of-bounds write triggered by a crafted TIFF file, indicating a memory boundary validation problem in TIFF handling. Documented impact includes potential control of affected memory regions; no public exploit ...
CVE-2020-17425
CVE-2020-17425 affects Foxit Studio Photo (reported as 3.6.6.922 and earlier). The root cause is improper validation during EPS file parsing, causing a write past the end of an allocated structure. This leads to remote code execution in the context of the current process. Exploitation requires us...
CVE-2020-17434
CVE-2020-17434 concerns Foxit Studio Photo versions affected by an ARW file parsing flaw. The issue arises from insufficient validation of user-supplied data, causing a read past the end of an allocated structure and leading to information disclosure. Several connected sources (including ZDI advi...
CVE-2020-27856
Foxit Studio Photo 3.6.6.922 (and earlier per CNVD/ZDI) has a CR2 file parsing flaw: improper validation of user-supplied data causes an out-of-bounds read that discloses memory. User interaction is required (targets must open a malicious page/file). The issue can be lever...
CVE-2020-17422
Foxit Studio Photo information disclosure (CVE-2020-17422) stems from improper validation in EPS file parsing, causing an out-of-bounds read of an allocated structure. Affected versions include Foxit Studio Photo 3.6.6.x; an attacker must lure a user to open a malicious page/file, enabling inform...
CVE-2020-17432
Foxit Studio Photo vulnerability CVE-2020-17432 affects parsing of CR2 files and causes an out-of-bounds read due to inadequate input validation. This can lead to information disclosure and, when combined with other flaws, potential code execution in the target process. Exploitation requires user...
CVE-2021-31435
Foxit Studio Photo 3.6.6.931 is affected by a CMP file parsing vulnerability caused by uninitialized memory access, enabling remote code execution. Exploitation requires user interaction (e.g., visiting a malicious page or opening a malicious file). The issue is documented across multiple sources...
CVE-2021-31436
CVE-2021-31436 affects Foxit Studio Photo 3.6.6.931. The issue resides in the SGI file handling where the length of user-supplied data is not properly validated before copying to a heap-based buffer, causing a heap-based buffer overflow. This leads to remote code execution in the context of the c...
CVE-2021-31434
Foxit Studio Photo 3.6.6.931 is affected by CVE-2021-31434. The issue is an out-of-bounds write in the JPM file parsing path caused by insufficient validation of user-supplied data, enabling remote code execution in the context of the current process. Exploitation requires user interaction (visit...