CVE-2007-1942

FastStone Image Viewer 2.9 - Denial of Service and Possible Remote Code Execution via Crafted BMP Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1942. PoCs published by Ivan Fratric.

AI-analyzed exploit summary This exploit generates malformed BMP files to trigger denial-of-service conditions in FastStone Image Viewer by exploiting integer overflows and buffer overflows in palette and image dimension handling. It includes multiple test cases for different overflow scenarios.

Description

Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ivan Fratric · cdoswindows

https://www.exploit-db.com/exploits/29816

View Code ZIP pw:eip

This exploit generates malformed BMP files to trigger denial-of-service conditions in FastStone Image Viewer by exploiting integer overflows and buffer overflows in palette and image dimension handling. It includes multiple test cases for different overflow scenarios.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: FastStone Image Viewer 2.9 and 3.6

No auth needed

Prerequisites: Ability to deliver malformed BMP files to the target system

MITRE ATT&CK