CVE-2020-17428

Vulnerability

This vulnerability affects Foxit Studio Photo version 3.6.6.922 and is rooted in the improper validation of user-supplied data when parsing CMP files. The specific flaw is an out-of-bounds read past the end of an allocated structure, occurring during the handling of CMP file content. An attacker can trigger this by convincing a user to open a malicious CMP file or visit a malicious page that loads such a file [1][2].

Exploitation

Exploitation requires user interaction: the target must open a crafted CMP file or navigate to a malicious web page that triggers file parsing. No special privileges or network position beyond the ability to deliver the file (e.g., via email, download, or web link) is needed. Upon opening the file, Foxit Studio Photo parses the CMP data without sufficient bounds checking, leading to a read that extends beyond the allocated memory region [2].

Impact

Successful exploitation allows an attacker to disclose sensitive information from the process memory of the current user. While the direct impact is limited to information disclosure, the advisory notes that an attacker can leverage this flaw in conjunction with other vulnerabilities to achieve arbitrary code execution in the context of the current process [1][2].

Mitigation

Foxit has not released a specific security bulletin for Studio Photo addressing this CVE. The referenced Foxit security bulletins page lists updates for Foxit PDF Reader and Foxit PDF Editor but does not mention a fix for Foxit Studio Photo [1]. Therefore, no official patch is publicly available. Users are advised to limit exposure by avoiding opening untrusted CMP files and applying general security best practices.