CVE-2021-31437

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JP2 image files in Foxit Studio Photo. Attackers can exploit improper memory validation to write past allocated buffers and gain control of the current process. Users of Foxit Studio Photo 3.6.6.931 are affected.

💻 Affected Systems

Products:
  • Foxit Studio Photo
Versions: 3.6.6.931
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations of the specific version. User interaction required (opening malicious file).


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or malware installation on the user's system when malicious JP2 files are opened.

🟢 If Mitigated

Limited impact with proper application sandboxing and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to open a malicious JP2 file. No authentication is needed once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 3.6.6.932 or later

Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit Studio Photo.
2. Go to Help > Check for Updates.
3. Follow prompts to install latest version.
4. Restart application.

🔧 Temporary Workarounds

Disable JP2 file association

Platform: Windows

Remove Foxit Studio Photo as the default handler for JP2 files so they are not opened in it automatically.

Control Panel > Default Programs > Set Default Programs > Choose Foxit Studio Photo > Choose defaults for this program > Uncheck .jp2

Block JP2 files at perimeter

Platform: All

Configure email/web gateways to block JP2 attachments and downloads
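One way a gateway or mail-filter hook could recognise JP2 content by its header as well as by the .jp2 extension, as an added example that is not part of the original advisory or any vendor tooling. The function names and sample bytes are constructed for illustration, and treating raw JPEG 2000 codestreams as blockable too is an assumption that goes beyond the JP2 files named above.

```python
import struct

# JP2 signature box: length 12, type 'jP  ', payload CR LF 0x87 LF
JP2_SIGNATURE = bytes.fromhex("0000000c6a5020200d0a870a")
# Raw JPEG 2000 codestream: SOC marker (FF4F) followed by SIZ marker (FF51)
J2K_CODESTREAM = bytes.fromhex("ff4fff51")
BLOCKED_EXTENSIONS = {"jp2"}  # the extension named in the workaround above


def classify_jpeg2000(data: bytes):
    """Return 'j2k-codestream', 'jp2-family:<brand>', or None if not JPEG 2000."""
    if data.startswith(J2K_CODESTREAM):
        return "j2k-codestream"
    if not data.startswith(JP2_SIGNATURE):
        return None
    rest = data[len(JP2_SIGNATURE):]
    if len(rest) >= 12:
        _length, box_type, brand = struct.unpack(">I4s4s", rest[:12])
        if box_type == b"ftyp":
            return "jp2-family:" + brand.decode("ascii", "replace").strip()
    # Signature present but File Type box missing or truncated: still flag it.
    return "jp2-family:unknown"


def should_block(filename: str, data: bytes) -> bool:
    """Block when either the content or the extension indicates JPEG 2000."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in BLOCKED_EXTENSIONS or classify_jpeg2000(data) is not None


# Constructed samples (not real files): minimal headers only.
SAMPLE_JP2 = JP2_SIGNATURE + struct.pack(">I4s4sI4s", 20, b"ftyp", b"jp2 ", 0, b"jp2 ")
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("photo.jp2", SAMPLE_JP2), ("photo.png", SAMPLE_JP2),
                       ("logo.png", SAMPLE_PNG)]:
        print(name, classify_jpeg2000(blob), should_block(name, blob))
```

Only the first 24 bytes of a file are needed for the decision, so the check can run on a stream prefix before the full attachment is buffered.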

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized execution
  • Use endpoint protection with memory protection and exploit prevention

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Foxit Studio Photo for version 3.6.6.931

Check Version:

wmic product where name="Foxit Studio Photo" get version

Verify Fix Applied:

Verify version is 3.6.6.932 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Process creation events from Foxit Studio Photo with unusual command lines
  • Memory access violations in application logs

Network Indicators:

  • Downloads of JP2 files from suspicious sources
  • Outbound connections from Foxit Studio Photo process

SIEM Query:

process_name:"FoxitStudioPhoto.exe" AND (file_extension:".jp2" OR memory_violation:*)
