CVE-2020-17418

Vulnerability

This vulnerability affects Foxit Studio Photo version 3.6.6.922. The specific flaw exists within the handling of EZIX files. A crafted id in a channel element can trigger a write past the end of an allocated buffer (out-of-bounds write) [2]. This leads to memory corruption that can be leveraged for arbitrary code execution [1][2].

Exploitation

Exploitation requires user interaction: the target must visit a malicious page or open a malicious file containing a specially crafted EZIX file [2]. The attacker does not need any special privileges or network position beyond delivering the file to the user. The vulnerability is triggered when the application parses the malformed channel element's id field within the EZIX file [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process (Foxit Studio Photo) [1][2]. This can lead to full compromise of the affected system, including confidentiality, integrity, and availability impacts, as indicated by a CVSS score of 7.8 (High) [2].

Mitigation

Foxit Software has not released a specific security bulletin for Foxit Studio Photo addressing CVE-2020-17418 in the available references [1]. The Foxit security bulletins page mainly covers Foxit PDF Reader and Foxit PDF Editor, with updates as recent as 2026 [1]. Users should monitor Foxit's official security advisories for any updates regarding Foxit Studio Photo. As of the publication date (2021-02-09), no patch or workaround has been documented. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.