PT-2018-10762 · Faststone · Faststone Image Viewer

Mostafa Soliman · Published 2018-06-19 · Updated 2018-07-02 · CVE-2018-11703

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FastStone Image Viewer version 6.2

Description: The issue occurs when a malformed JPEG file is opened, causing a User Mode Write AV at 0x00402d6a due to mishandling by FSViewer.exe. This could lead to a Denial of Service (DoS) through an Access Violation, and potentially other unspecified impacts.

Recommendations: For FastStone Image Viewer version 6.2, consider avoiding the use of FSViewer.exe to open JPEG files until a fix is available. As a temporary workaround, restrict the opening of JPEG files in the application to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-11703

Affected Products

Faststone Image Viewer