CVE-2021-31435

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Foxit Studio Photo installations by tricking users into opening malicious CMP files. The flaw exists in improper memory initialization during CMP file parsing, enabling code execution in the current process context. Affected users are those running vulnerable versions of Foxit Studio Photo.

💻 Affected Systems

Products:
  • Foxit Studio Photo
Versions: 3.6.6.931 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing CMP files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious CMP files from untrusted sources.

🟢 If Mitigated

Limited impact with proper application sandboxing and user education about opening untrusted files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file) but is otherwise straightforward once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.6.932 or later

Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from Foxit website.
2. Run installer.
3. Restart system.
4. Verify version is 3.6.6.932 or higher.

🔧 Temporary Workarounds

Disable CMP file association (Windows)

Remove the CMP file type association with Foxit Studio Photo to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .cmp > Change program > Choose different application

Application sandboxing (Windows)

Run Foxit Studio Photo in a restricted environment using application control solutions.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables from running
  • Deploy email/web filtering to block malicious CMP file delivery

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Foxit Studio Photo for version number

Check Version:

wmic product where name="Foxit Studio Photo" get version

Verify Fix Applied:

Confirm version is 3.6.6.932 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for FoxitStudioPhoto.exe with suspicious parent processes
  • File access events for .cmp files from unusual locations

Network Indicators:

  • Downloads of .cmp files from untrusted sources
  • Outbound connections from FoxitStudioPhoto.exe to suspicious IPs

SIEM Query:

process_name="FoxitStudioPhoto.exe" AND file_extension=".cmp" AND source_ip NOT IN (trusted_networks)
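
One way to apply the log indicators above to process-creation events, as an added example that is not part of the original advisory. The Sysmon-style field names, the parent-process list, the folder list, the install path and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumptions, not from the advisory: which parents and folders count as
# "suspicious" or "unusual". Tune both lists to your environment.
SUSPICIOUS_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
UNUSUAL_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")
TARGET = "foxitstudiophoto.exe"  # process name from the advisory's SIEM query
CMP_ARG = re.compile(r'"([^"]+\.cmp)"|(\S+\.cmp)(?=\s|$)', re.IGNORECASE)


def cmp_argument(command_line):
    """Return the .cmp path on the command line (quoted or bare), or None."""
    m = CMP_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def triage(event):
    """Return the reasons an event matches the advisory's log indicators."""
    if ntpath.basename(event["Image"]).lower() != TARGET:
        return []
    reasons = []
    parent = ntpath.basename(event["ParentImage"]).lower()
    if parent in SUSPICIOUS_PARENTS:
        reasons.append("suspicious parent: " + parent)
    path = cmp_argument(event["CommandLine"])
    if path and any(d in path.lower() for d in UNUSUAL_DIRS):
        reasons.append("cmp from unusual location: " + path)
    return reasons


# Constructed sample events (field names follow Sysmon Event ID 1).
EXE = r"C:\Example\FoxitStudioPhoto.exe"  # constructed install path
SAMPLE_EVENTS = [
    {"Image": EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": EXE + r" C:\Users\amy\Pictures\holiday.cmp"},
    {"Image": EXE, "ParentImage": r"C:\Example\OUTLOOK.EXE",
     "CommandLine": '"' + EXE + r'" "C:\Users\amy\AppData\Local\Microsoft'
                    r'\Windows\INetCache\Content.Outlook\AB12\scan 01.cmp"'},
    {"Image": r"C:\Windows\notepad.exe", "ParentImage": r"C:\Example\chrome.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\Downloads\notes.cmp"},
    {"Image": EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": EXE + r" C:\Users\bob\Downloads\texture.cmp"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev) or "no match")
```

Events that return an empty list are either not Foxit Studio Photo launches or match neither indicator; the rest carry the reason strings for analyst review.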
