CVE-2021-26235
HIGHFastStone Image Viewer <= 7.5 - Denial of Service via Malformed CUR File
Title source: llmDescription
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/
Scores
CVSS v3
7.8
EPSS
0.0106
EPSS Percentile
60.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-476
Status
published
Products (1)
faststone/image_viewer
< 7.5
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026