PT-2021-16975 · Faststone · Faststone Image Viewer

Voidsec

Published

2021-03-18

Updated

2021-03-22

CVE-2021-26234

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FastStone Image Viewer versions prior to 7.6

Description The issue arises from a user mode write access violation at 0x00402d8a when FSViewer.exe mishandles a malformed CUR file. This can occur when a user opens or views such a file. The exploitation of this issue could lead to a Denial of Service (DoS) or potentially allow for code execution.

Recommendations For FastStone Image Viewer versions prior to 7.6, update to version 7.6 or later to resolve the issue.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-26234

Affected Products

Faststone Image Viewer

PT-2021-16975 · Faststone · Faststone Image Viewer

CVE-2021-26234

Weakness Enumeration

Related Identifiers

Affected Products

References · 3