Vulnerability Details : CVE-2021-26236
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2021-26236
- cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26236
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26236
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-26236
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-26236
-
https://www.exploit-db.com/exploits/49660
FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass) - Windows local ExploitExploit;Third Party Advisory;VDB Entry
-
https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/
CVE-2021-26236: FastStone Image Viewer v.Exploit;Third Party Advisory
-
https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236
Fuzzing: FastStone Image Viewer & CVE-2021-26236 - VoidSecExploit;Third Party Advisory
Jump to