CVE-2021-26236

Sažetak

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

Reference

https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/
https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236
https://www.exploit-db.com/exploits/49660

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-03-2021 - 01:19

Objavljeno

18-03-2021 - 13:15