====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN418
_____________________________________________________________________

DATE                : 21/07/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Foxit Studio Photo versions prior
                                      to 3.6.6.925.

=====================================================================
https://www.foxitsoftware.com/support/security-bulletins.html
_____________________________________________________________________


Security update available in Foxit Studio Photo 3.6.6.925

Release date: July 15th, 2020

Platform: Windows


Summary

Foxit has released Foxit Studio Photo 3.6.6.925, which addresses
potential security and stability issues.


Affected versions


Product                 Affected versions         Platform
Foxit Studio Photo      3.6.6.924 and earlier     Windows


Solution

Update Foxit Studio Photo to the latest versions by following the
instructions below.

    Click here to download the updated version of Foxit Studio Photo
from our website.


Vulnerability details

Brief                           Acknowledgement

Addressed potential issues where the application could be exposed to
Out-of-Bounds Read Information Disclosure Addressed potential issues
where the application could be exposed to Out-of-Bounds Read Information
Disclosure vulnerability and crash if users were using PNG. This occurs
due to the use the lack of proper validation of user-supplied data.
(ZDI-CAN-10977).
	Mat Powell of Trend Micro Zero Day Initiative

Addressed potential issues where remote attackers to execute arbitrary
code on the application. This occurs due to the use the lack of proper
validation of user-supplied data. (ZDI-CAN-10764).
	Francis Provencher {PRL} working with Trend Micro Zero Day Initiative


For more information, please contact the Foxit Security Response Team

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================