E20-159r1
CVSS:
4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
False Positive:
f
Variants:
1
Year:
2020
Description
This strike exploits an out-of-bounds read vulnerability in Foxit Studio Photo versions up to 3.6.6.916.
The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure when handling PSD files.
An attacker could exploit this vulnerability by creating a specially crafted PSD file and entice a user to open it.
Successful exploitation could lead to information disclosure.
CVE
Metasploit
http://www.zerodayinitiative.com/advisories/ZDI-20-302
Zdi
20-302