CVE-2019-13324

Vulnerability

Foxit Studio Photo version 3.6.6.909 contains a vulnerability in its handling of TIFF files. The issue stems from insufficient validation of user-supplied data, which can result in a read past the end of an allocated structure. This out-of-bounds read can be triggered when a user opens a specially crafted TIFF file or visits a malicious page hosting such a file. The vulnerability is cataloged as ZDI-CAN-8782 and is identified as ZDI-19-841 [1][2].

Exploitation

To exploit this vulnerability, an attacker must convince the target to open a malicious TIFF file or visit a webpage that loads it. No special network position or authentication is required, but user interaction is mandatory. The attacker supplies the malformed TIFF data that triggers the out-of-bounds read during parsing, potentially leading to code execution [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. The CVSS 3.0 base score is 7.8 (High), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating full compromise of confidentiality, integrity, and availability on the affected system [2].

Mitigation

At the time of publication (October 2019), no patch was available from Foxit for Studio Photo. According to Foxit's security bulletins, the company has released updates for other products (e.g., Foxit PDF Reader and PDF Editor) but specific patching information for Studio Photo 3.6.6.909 has not been confirmed. Users should monitor the vendor's security bulletins [1] and consider limiting exposure by avoiding opening untrusted TIFF files from unknown sources until a fix is released [2].