Vulnerability Description
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Faststone | Image Viewer | <= 7.5 |
Related Weaknesses (CWE)
References
- https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stackExploitThird Party Advisory
- https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/49660ExploitThird Party AdvisoryVDB Entry
- https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stackExploitThird Party Advisory
- https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/49660ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2021-26236?
CVE-2021-26236 is a vulnerability with a CVSS score of 7.8 (HIGH). FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), tha...
How severe is CVE-2021-26236?
CVE-2021-26236 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26236?
Check the references section above for vendor advisories and patch information. Affected products include: Faststone Image Viewer.