CVE-2021-26236

Name of the Vulnerable Software and Affected Versions FastStone Image Viewer versions <= 7.5

Description The issue is a Stack-based Buffer Overflow affecting the CUR file parsing functionality, specifically the BITMAPINFOHEADER Structure and the 'BitCount' file format field. This can lead to corruption of the Structure Exception Handler (SEH), allowing attackers to achieve code execution when a user opens or views a malformed or specially crafted CUR file.

Recommendations For FastStone Image Viewer versions <= 7.5, consider avoiding the use of the CUR file parsing functionality until a patch is available. As a temporary workaround, restrict the opening or viewing of CUR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.