CVE-2019-6750
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in Foxit Studio Photo 3.6.6 due to an out-of-bounds write in EZI file parsing, requiring user interaction.
Vulnerability
Foxit Studio Photo 3.6.6 (and possibly earlier versions) contains a vulnerability in its handling of EZI files. The issue results from a lack of proper validation of user-supplied data, which can lead to a write past the end of an allocated structure. This flaw is present in the code that parses EZI files [2].
Exploitation
To exploit this vulnerability, an attacker must craft a malicious EZI file and convince the target user to open it or visit a malicious page that triggers the file. No authentication is required, but user interaction is necessary. The CVSS score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the current process (Foxit Studio Photo). This can lead to full compromise of confidentiality, integrity, and availability of the user's system [2].
Mitigation
According to the ZDI advisory, Foxit has issued an update to correct this vulnerability [2]. However, the specific fixed version is not mentioned in the provided references. Users should contact Foxit for the latest patches or check the security bulletins page [1] for updates.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 3.6.6
- Foxit/Studio Photo (v5), Range: 3.6.6
Patches
No patches discovered yet.
References
- [1] www.foxitsoftware.com/support/security-bulletins.php (mitre, x_refsource_MISC)
- [2] www.zerodayinitiative.com/advisories/ZDI-19-374/ (mitre, x_refsource_MISC)