PT-2026-51382

Published: 2026-06-22 · Updated: 2026-06-22

CVE-2026-30040

None

No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
Multiple remote code execution (RCE) and control-flow corruption vulnerabilities have been identified in FastStone Image Viewer 8.3 and earlier, stemming from flaws in its JPEG 2000 (JP2) and PSD file parsers. Attackers can exploit these by tricking the application into processing specially crafted image files.

Technical Breakdown

  • Vulnerability (CVE-2026-30040): A critical heap-based buffer overflow exists in the JP2 parser, specifically triggered by a malformed QCD (quantization default) marker (0xFF5C).
  • Attack Vector: A crafted JP2 file can overwrite the EIP (instruction pointer), leading to arbitrary code execution in the context of the current process.
  • Trigger Mechanism: The vulnerability can be triggered even without direct user interaction to open the file, as the application may process malicious files during directory enumeration.
  • Affected Components: JP2 parser, PSD file parser.
  • Affected Versions: FastStone Image Viewer 8.3.0.0 and earlier.
  • IOCs: No specific file hashes or network indicators are provided in the advisory.

Defense

Exercise extreme caution with untrusted image files. If possible, avoid processing unknown or untrusted JP2 and PSD files in FastStone Image Viewer until patches are released. Consider alternative, well-maintained image viewers as a temporary measure.
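As a triage aid for the advice above, this added example (not part of the advisory or of any vendor tooling) checks whether a file's QCD segment length agrees with the decomposition levels declared in its COD segment, per the JPEG 2000 codestream syntax. The advisory does not say how the QCD marker is malformed, so this is a structural consistency check only; the function names and sample bytes are constructed for illustration.

```python
import struct

COD, QCD, SOT = 0xFF52, 0xFF5C, 0xFF90  # JPEG 2000 codestream marker codes

def main_header_segments(data):
    """Yield (marker, payload) for each main-header marker segment."""
    # Heuristic: SOC (FF4F) directly followed by SIZ (FF51); also skips JP2 boxes.
    start = data.find(b"\xff\x4f\xff\x51")
    if start < 0:
        raise ValueError("no JPEG 2000 codestream found")
    pos = start + 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack_from(">HH", data, pos)
        if marker == SOT or marker >> 8 != 0xFF:
            return  # the main header ends at the first tile-part
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"segment {marker:#06x} at offset {pos} overruns the file")
        yield marker, data[pos + 4 : pos + 2 + length]
        pos += 2 + length

def check_qcd(data):
    """Return findings; an empty list means QCD is consistent with COD."""
    levels, qcds, findings = None, [], []
    try:
        for marker, payload in main_header_segments(data):
            if marker == COD and len(payload) >= 6:
                levels = payload[5]  # Scod(1) + SGcod(4), then decomposition levels
            elif marker == QCD:
                qcds.append(payload)
    except ValueError as exc:
        return [str(exc)]
    if levels is None or levels > 32 or not qcds:
        return ["main header lacks a usable COD or QCD segment"]
    subbands = 3 * levels + 1
    for payload in qcds:
        style = payload[0] & 0x1F if payload else None  # low 5 bits of Sqcd
        expected = {0: subbands, 1: 2, 2: 2 * subbands}.get(style)
        if expected is None:
            findings.append(f"QCD quantization style {style} is not defined")
        elif len(payload) - 1 != expected:
            findings.append(f"QCD carries {len(payload) - 1} bytes, COD implies {expected}")
    return findings

def seg(marker, payload):
    return struct.pack(">HH", marker, len(payload) + 2) + payload

# Constructed sample headers (not taken from any real or malicious file).
HEAD = b"\xff\x4f" + seg(0xFF51, bytes(39)) + seg(COD, bytes([0, 0, 0, 1, 0, 5, 4, 4, 0, 1]))
GOOD = HEAD + seg(QCD, bytes([0x40]) + bytes(16)) + seg(SOT, bytes(8))
BAD = HEAD + seg(QCD, bytes([0x40]) + bytes(60)) + seg(SOT, bytes(8))
```

An empty result means only that the QCD and COD segments agree with each other; a non-empty result is a reason to quarantine the file before it reaches a folder the viewer enumerates.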

Related identifiers

CVE-2026-30040

Affected products

Undefined