2025-03-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article looks at the security vulnerabilities in Foxit Studio Photo image editing software, a topic many readers may not be familiar with. The editor has summarized the key points below.
ZDI issued a number of security bulletins on March 16, alerting users to multiple vulnerabilities in Foxit Studio Photo. Studio Photo is image editing software developed by Foxit.
The vulnerabilities disclosed by ZDI include four high-risk vulnerabilities, all of which have a CVSS score of 7.8. They were discovered by ZDI researcher Mat Powell. ZDI reported the vulnerabilities to Foxit, and Foxit released a security update for Studio Photo on the 16th as well.
The following are brief details of these four vulnerabilities.
The first vulnerability, CVE-2020-8882, lies in the handling of PSD files. The flaw is caused by a failure to properly initialize a pointer before accessing it. Remote attackers can exploit this vulnerability to execute arbitrary code on affected installations of Studio Photo.
The second vulnerability, CVE-2020-8881, lies in the processing of TIF files. It is caused by a failure to verify that an object exists before performing an operation on it. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the current process.
The third vulnerability, CVE-2020-8880, lies in the processing of TIF files. It is caused by a failure to validate user-supplied data, resulting in an out-of-bounds read. Remote attackers can exploit this vulnerability to execute arbitrary code.
The fourth vulnerability, CVE-2020-8878, lies in the processing of PSD files. It is caused by a failure to validate user-supplied data, resulting in an out-of-bounds write. Remote attackers can exploit this vulnerability to execute arbitrary code.
Exploiting these vulnerabilities requires user interaction: the attacker must induce the user to visit a malicious page or open a malicious file.
In addition to the vulnerabilities submitted by ZDI, Foxit's security bulletin also lists an out-of-bounds write vulnerability in Studio Photo's TIFF file processing, which can lead to information disclosure and a program crash. The CyberArk Labs security team also reported two vulnerabilities to Foxit.
The vulnerabilities disclosed by Foxit this time affect Foxit Studio Photo 3.6.6.918 and previous versions. Foxit has fixed them in version 3.6.6.922, and affected users are advised to download the update as soon as possible.
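The version bounds above can be turned into an inventory check. The following is an added example, not code from Foxit or ZDI; the inventory rows are constructed, and the product display name used for matching is an assumption.

```python
# Added example: triage a software inventory against the version bounds
# stated in the article. The inventory rows below are constructed sample data.
import re

LAST_AFFECTED = (3, 6, 6, 918)   # "3.6.6.918 and previous versions"
FIRST_FIXED = (3, 6, 6, 922)     # "fixed ... in version 3.6.6.922"
PRODUCT = "foxit studio photo"   # assumed display name in the inventory

def parse_version(text):
    """Return a 4-part integer tuple, or None if not purely dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version_text):
    """Map a reported version to affected / fixed / unverified / unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # needs manual review, never assume fixed
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between the two bounds are not mentioned in the article.
    return "unverified"

def triage(inventory):
    """Return {host: status} for rows whose product name matches Studio Photo."""
    return {host: classify(ver) for host, name, ver in inventory
            if name.strip().lower() == PRODUCT}

# Constructed inventory: (host, product name, reported version)
SAMPLE_INVENTORY = [
    ("ws-001", "Foxit Studio Photo", "3.6.6.918"),
    ("ws-002", "Foxit Studio Photo", "3.6.6.922"),
    ("ws-003", "Foxit Studio Photo", "3.6.6"),
    ("ws-004", "Foxit Studio Photo", "3.6.6.920"),
    ("ws-005", "foxit studio photo ", "3.6.6.916 beta"),
    ("ws-006", "Other Editor", "1.0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unverified` or `unparseable` should be checked by hand rather than treated as patched.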