CVE-2020-8878
Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit Studio Photo 3.6.6.916 is vulnerable to remote code execution via a crafted PSD file due to an out-of-bounds write in parsing.
Vulnerability
Foxit Studio Photo version 3.6.6.916 is affected by a remote code execution vulnerability in the handling of PSD files. The issue stems from a lack of proper validation of user-supplied data, leading to a write past the end of an allocated structure [2]. This flaw is specific to the PSD file parsing routine.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious PSD file or visit a malicious page that triggers the parsing. User interaction is required, and no authentication or special privileges are needed [2]. The exploit involves providing a crafted PSD file that causes an out-of-bounds write during processing.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current process [2]. This can result in full compromise of the affected system, including unauthorized access to data, modification, or disruption of operations.
Mitigation
As of the publication date (March 2020), no official patch or workaround has been released by Foxit for this vulnerability. The Foxit security bulletins page [1] does not list this CVE, and the ZDI advisory [2] does not mention a fix. Users are advised to avoid opening untrusted PSD files until a patch is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: =3.6.6.916
- Foxit/Studio Photov5Range: 3.6.6.916
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_MISC
- www.zerodayinitiative.com/advisories/ZDI-20-301/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.