PT-2021-16976 · Faststone · Faststone Image Viewer

Voidsec · Published 2021-03-18 · Updated 2021-03-22 · CVE-2021-26235

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FastStone Image Viewer versions prior to 7.6

Description

The issue arises when a user opens or views a malformed CUR file. FSViewer.exe mishandles the file, which leads to a user-mode write access violation. This could potentially be exploited to cause a denial of service (DoS) or possibly to achieve code execution.

Recommendations

Update FastStone Image Viewer versions prior to 7.6 to version 7.6 or later to resolve the issue. As a temporary workaround, avoid opening potentially malformed CUR files until the patch is applied. Restrict access to untrusted image files to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2021-26235

Affected Products

Faststone Image Viewer