CVE-2021-26236

Published: Mar 18, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

Affected (1)

Products: Faststone: Image Viewer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Faststone Image Viewer	Up to 7.5

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/

Source: cve@mitre.org

ExploitThird Party Advisory

https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/49660

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/49660

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.