CVE-2021-26236

HIGH

FastStone Image Viewer <= 7.5 - Stack-based Buffer Overflow in CUR File Parser

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26236. PoCs published by Paolo Stagno.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in FastStone Image Viewer 7.5 via a malformed .cur file to achieve arbitrary code execution. It bypasses ASLR and DEP using ROP chains and executes a custom shellcode.

Description

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

Exploits (1)

exploitdb WORKING POC
by Paolo Stagno · pythonlocalwindows
https://www.exploit-db.com/exploits/49660

This exploit leverages a stack-based buffer overflow in FastStone Image Viewer 7.5 via a malformed .cur file to achieve arbitrary code execution. It bypasses ASLR and DEP using ROP chains and executes a custom shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: FastStone Image Viewer 7.5
No auth needed
Prerequisites: Victim must open the malformed .cur file in FastStone Image Viewer 7.5
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49660

Scores

CVSS v3 7.8
EPSS 0.0197
EPSS Percentile 77.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
faststone/image_viewer < 7.5
Published Mar 18, 2021
Tracked Since Feb 18, 2026