PT-2021-16974 · Faststone · Faststone Image Viewer

Voidsec · Published 2021-03-18 · Updated 2021-03-22 · CVE-2021-26233

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FastStone Image Viewer versions <= 7.5

Description

The issue is triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe, resulting in a user mode write access violation near NULL at 0x005bdfcb. This could be exploited for a Denial of Service (DoS) or possibly to achieve code execution.

Recommendations

For FastStone Image Viewer versions <= 7.5, avoid opening or viewing malformed CUR files until a patch is available. As a temporary workaround, consider restricting the use of FSViewer.exe to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-26233

Affected Products

Faststone Image Viewer