CVE-2021-26236

HIGH

FastStone Image Viewer < 7.5 - Out-of-Bounds Write

Description

FastStone Image Viewer <= 7.5 is affected by a stack-based buffer overflow at 0x005BDF49 in the CUR file parsing functionality (BITMAPINFOHEADER structure, 'BitCount' file format field), which corrupts the Structured Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed or specially crafted CUR file.

Exploits (1)

exploitdb WORKING POC
by Paolo Stagno · python · local · windows
https://www.exploit-db.com/exploits/49660

Scores

CVSS v3 7.8
EPSS 0.0074
EPSS Percentile 73.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
faststone/image_viewer < 7.5
Published Mar 18, 2021
Tracked Since Feb 18, 2026