Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Strike ID:
E20-159r1
CVSS:
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
False Positive:
t
Variants:
1
Year:
2020

Description

This strike exploits an out-of-bounds read vulnerability in Foxit Studio Photo versions up to 3.6.6.916. The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure when handling PSD files. An attacker could exploit this vulnerability by creating a specially crafted PSD file and entice a user to open it. Successful exploitation could lead to information disclosure.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8879

References

https://www.zerodayinitiative.com/advisories/ZDI-20-302/

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-20-302