Vulnerabilites related to faststone - image_viewer
CVE-2021-26236 (GCVE-0-2021-26236)
Vulnerability from cvelistv5
Published
2021-03-18 12:55
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/49660 | x_refsource_MISC | |
| https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/49660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer v.\u003c= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, \u0027BitCount\u0027 file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T13:58:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/49660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer v.\u003c= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, \u0027BitCount\u0027 file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236",
"refsource": "MISC",
"url": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236"
},
{
"name": "https://www.exploit-db.com/exploits/49660",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/49660"
},
{
"name": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26236",
"datePublished": "2021-03-18T12:55:54",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35843 (GCVE-0-2020-35843)
Vulnerability from cvelistv5
Published
2021-01-25 19:07
Modified
2024-08-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/DmitriyMelikov | x_refsource_MISC | |
| https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T19:07:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/DmitriyMelikov",
"refsource": "MISC",
"url": "https://twitter.com/DmitriyMelikov"
},
{
"name": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md",
"refsource": "MISC",
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35843",
"datePublished": "2021-01-25T19:07:32",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11703 (GCVE-0-2018-11703)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11703",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9112 (GCVE-0-2024-9112)
Vulnerability from cvelistv5
Published
2024-11-22 21:33
Modified
2024-11-26 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1273/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FastStone | Image Viewer |
Version: 7.8 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_viewer",
"vendor": "faststone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:14:53.502258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:18:54.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Image Viewer",
"vendor": "FastStone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"dateAssigned": "2024-09-23T13:14:14.555-05:00",
"datePublic": "2024-09-23T14:48:44.890-05:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:33:43.532Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1273",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1273/"
}
],
"source": {
"lang": "en",
"value": "Zeze with TeamT5"
},
"title": "FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9112",
"datePublished": "2024-11-22T21:33:43.532Z",
"dateReserved": "2024-09-23T18:14:14.526Z",
"dateUpdated": "2024-11-26T15:18:54.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26237 (GCVE-0-2021-26237)
Vulnerability from cvelistv5
Published
2021-03-18 13:59
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T13:59:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/",
"refsource": "MISC",
"url": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26237",
"datePublished": "2021-03-18T13:59:13",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26233 (GCVE-0-2021-26233)
Vulnerability from cvelistv5
Published
2021-03-18 13:53
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T13:53:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/",
"refsource": "MISC",
"url": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26233",
"datePublished": "2021-03-18T13:53:52",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13244 (GCVE-0-2019-13244)
Vulnerability from cvelistv5
Published
2019-07-04 15:04
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:04:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13244",
"datePublished": "2019-07-04T15:04:56",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1764 (GCVE-0-2007-1764)
Vulnerability from cvelistv5
Published
2007-03-30 00:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/2510 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/23196 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/42054 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33485 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/464148/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2510",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2510"
},
{
"name": "23196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23196"
},
{
"name": "42054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42054"
},
{
"name": "faststone-jpg-bo(33485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33485"
},
{
"name": "20070329 Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464148/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2510",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2510"
},
{
"name": "23196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23196"
},
{
"name": "42054",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42054"
},
{
"name": "faststone-jpg-bo(33485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33485"
},
{
"name": "20070329 Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464148/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2510",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2510"
},
{
"name": "23196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23196"
},
{
"name": "42054",
"refsource": "OSVDB",
"url": "http://osvdb.org/42054"
},
{
"name": "faststone-jpg-bo(33485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33485"
},
{
"name": "20070329 Re: [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464148/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1764",
"datePublished": "2007-03-30T00:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15815 (GCVE-0-2018-15815)
Vulnerability from cvelistv5
Published
2019-03-26 19:03
Modified
2024-08-05 10:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T19:03:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html",
"refsource": "MISC",
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15815",
"datePublished": "2019-03-26T19:03:13",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8826 (GCVE-0-2017-8826)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a \"User Mode Write AV\" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a \"User Mode Write AV\" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8826",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-05-07T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9114 (GCVE-0-2024-9114)
Vulnerability from cvelistv5
Published
2024-11-22 21:34
Modified
2024-11-22 21:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1275/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FastStone | Image Viewer |
Version: 7.8 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_viewer",
"vendor": "faststone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:45:10.478440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:48:38.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Image Viewer",
"vendor": "FastStone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"dateAssigned": "2024-09-23T13:14:28.603-05:00",
"datePublic": "2024-09-23T14:49:02.494-05:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:34:05.006Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1275",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1275/"
}
],
"source": {
"lang": "en",
"value": "Zeze with TeamT5"
},
"title": "FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9114",
"datePublished": "2024-11-22T21:34:05.006Z",
"dateReserved": "2024-09-23T18:14:28.595Z",
"dateUpdated": "2024-11-22T21:48:38.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11702 (GCVE-0-2018-11702)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11702",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11704 (GCVE-0-2018-11704)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11704",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26234 (GCVE-0-2021-26234)
Vulnerability from cvelistv5
Published
2021-03-18 13:55
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T13:55:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/",
"refsource": "MISC",
"url": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26234",
"datePublished": "2021-03-18T13:55:18",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13245 (GCVE-0-2019-13245)
Vulnerability from cvelistv5
Published
2019-07-04 15:05
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:05:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13245",
"datePublished": "2019-07-04T15:05:05",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11707 (GCVE-0-2018-11707)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11707",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1942 (GCVE-0-2007-1942)
Vulnerability from cvelistv5
Published
2007-04-11 01:00
Modified
2024-08-07 13:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/23312 | vdb-entry, x_refsource_BID | |
| http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/464726/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/24784 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/2558 | third-party-advisory, x_refsource_SREASON | |
| http://osvdb.org/34664 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html"
},
{
"name": "20070404 Several Windows image viewers vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464726/100/0/threaded"
},
{
"name": "24784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24784"
},
{
"name": "2558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2558"
},
{
"name": "34664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html"
},
{
"name": "20070404 Several Windows image viewers vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464726/100/0/threaded"
},
{
"name": "24784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24784"
},
{
"name": "2558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2558"
},
{
"name": "34664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23312"
},
{
"name": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html",
"refsource": "MISC",
"url": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html"
},
{
"name": "20070404 Several Windows image viewers vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464726/100/0/threaded"
},
{
"name": "24784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24784"
},
{
"name": "2558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2558"
},
{
"name": "34664",
"refsource": "OSVDB",
"url": "http://osvdb.org/34664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1942",
"datePublished": "2007-04-11T01:00:00",
"dateReserved": "2007-04-10T00:00:00",
"dateUpdated": "2024-08-07T13:13:41.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36947 (GCVE-0-2022-36947)
Vulnerability from cvelistv5
Published
2022-08-18 20:58
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.faststone.org/FSViewerDetail.htm | x_refsource_MISC | |
| https://wid.cert-bund.de/portal/wid/kurzinformationen | x_refsource_MISC | |
| https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:31.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.faststone.org/FSViewerDetail.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wid.cert-bund.de/portal/wid/kurzinformationen"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T20:58:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.faststone.org/FSViewerDetail.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wid.cert-bund.de/portal/wid/kurzinformationen"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.faststone.org/FSViewerDetail.htm",
"refsource": "MISC",
"url": "https://www.faststone.org/FSViewerDetail.htm"
},
{
"name": "https://wid.cert-bund.de/portal/wid/kurzinformationen",
"refsource": "MISC",
"url": "https://wid.cert-bund.de/portal/wid/kurzinformationen"
},
{
"name": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883",
"refsource": "MISC",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36947",
"datePublished": "2022-08-18T20:58:16",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:31.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11705 (GCVE-0-2018-11705)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11705",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35845 (GCVE-0-2020-35845)
Vulnerability from cvelistv5
Published
2021-01-25 19:11
Modified
2024-08-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/DmitriyMelikov | x_refsource_MISC | |
| https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T19:11:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/DmitriyMelikov",
"refsource": "MISC",
"url": "https://twitter.com/DmitriyMelikov"
},
{
"name": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md",
"refsource": "MISC",
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35845",
"datePublished": "2021-01-25T19:11:15",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35844 (GCVE-0-2020-35844)
Vulnerability from cvelistv5
Published
2021-01-25 19:09
Modified
2024-08-04 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/DmitriyMelikov | x_refsource_MISC | |
| https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:12.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T19:09:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/DmitriyMelikov",
"refsource": "MISC",
"url": "https://twitter.com/DmitriyMelikov"
},
{
"name": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md",
"refsource": "MISC",
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35844",
"datePublished": "2021-01-25T19:09:47",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-04T17:16:12.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26235 (GCVE-0-2021-26235)
Vulnerability from cvelistv5
Published
2021-03-18 13:56
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T13:56:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/",
"refsource": "MISC",
"url": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26235",
"datePublished": "2021-03-18T13:56:33",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15813 (GCVE-0-2018-15813)
Vulnerability from cvelistv5
Published
2019-03-26 19:02
Modified
2024-08-05 10:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T19:02:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html",
"refsource": "MISC",
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15813",
"datePublished": "2019-03-26T19:02:25",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11701 (GCVE-0-2018-11701)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11701",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:09.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8785 (GCVE-0-2017-8785)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a \"Data from Faulting Address may be used as a return value\" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a \"Data from Faulting Address may be used as a return value\" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8785",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-05-04T00:00:00",
"dateUpdated": "2024-08-05T16:48:21.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13246 (GCVE-0-2019-13246)
Vulnerability from cvelistv5
Published
2019-07-04 15:05
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:05:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13246",
"datePublished": "2019-07-04T15:05:11",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15816 (GCVE-0-2018-15816)
Vulnerability from cvelistv5
Published
2019-03-26 19:03
Modified
2024-08-05 10:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T19:03:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html",
"refsource": "MISC",
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15816",
"datePublished": "2019-03-26T19:03:24",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5870 (GCVE-0-2008-5870)
Vulnerability from cvelistv5
Published
2009-01-08 18:13
Modified
2024-08-07 11:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/6673 | exploit, x_refsource_EXPLOIT-DB | |
| http://securityreason.com/securityalert/4878 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/497061/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6673",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6673"
},
{
"name": "4878",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4878"
},
{
"name": "20081005 FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6673",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6673"
},
{
"name": "4878",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4878"
},
{
"name": "20081005 FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6673",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6673"
},
{
"name": "4878",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4878"
},
{
"name": "20081005 FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5870",
"datePublished": "2009-01-08T18:13:00",
"dateReserved": "2009-01-08T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9113 (GCVE-0-2024-9113)
Vulnerability from cvelistv5
Published
2024-11-22 21:33
Modified
2024-11-26 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1274/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FastStone | Image Viewer |
Version: 7.8 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "image_viewer",
"vendor": "faststone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:14:52.066687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:18:28.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Image Viewer",
"vendor": "FastStone",
"versions": [
{
"status": "affected",
"version": "7.8"
}
]
}
],
"dateAssigned": "2024-09-23T13:14:23.164-05:00",
"datePublic": "2024-09-23T14:48:54.250-05:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:33:54.875Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1274",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1274/"
}
],
"source": {
"lang": "en",
"value": "Zeze with TeamT5"
},
"title": "FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-9113",
"datePublished": "2024-11-22T21:33:54.875Z",
"dateReserved": "2024-09-23T18:14:23.159Z",
"dateUpdated": "2024-11-26T15:18:28.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15814 (GCVE-0-2018-15814)
Vulnerability from cvelistv5
Published
2019-03-26 19:02
Modified
2024-08-05 10:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T19:02:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html",
"refsource": "MISC",
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15814",
"datePublished": "2019-03-26T19:02:34",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15817 (GCVE-0-2018-15817)
Vulnerability from cvelistv5
Published
2019-03-26 19:03
Modified
2024-08-05 10:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T19:03:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html",
"refsource": "MISC",
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15817",
"datePublished": "2019-03-26T19:03:35",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11706 (GCVE-0-2018-11706)
Vulnerability from cvelistv5
Published
2018-06-19 13:00
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11706",
"datePublished": "2018-06-19T13:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T08:17:08.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-03-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "454CBDB5-8A0C-4C35-82F8-806E30AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.5 tiene un problema de corrupci\u00f3n de cadena de manejo de excepciones que comienza en image00400000+0x00000000003ef68a mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2018-15815",
"lastModified": "2024-11-21T03:51:30.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T20:29:00.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de lectura y ejecuci\u00f3n de modo de usuario en 0x0057898e, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11707",
"lastModified": "2024-11-21T03:43:52.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-30 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "139A6993-D162-4E4A-ADC9-80F78549FEDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el FastStone Image Viewer 2.8 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una imagen JPG manipulada."
}
],
"id": "CVE-2007-1764",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-30T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/42054"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2510"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464148/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23196"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/42054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464148/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:15
Modified
2024-11-21 05:28
Severity ?
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/DmitriyMelikov | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/DmitriyMelikov | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D45C71-35A5-4053-A13E-923D1C89234E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.5, presenta una escritura fuera de l\u00edmites (por medio de un archivo de imagen dise\u00f1ado) en FSViewer.exe+0xbe9c4"
}
],
"id": "CVE-2020-35844",
"lastModified": "2024-11-21T05:28:17.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:54.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 14:15
Modified
2024-11-21 05:55
Severity ?
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB16A-3B41-4691-8CE4-B8A98FA43CA2",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
},
{
"lang": "es",
"value": "FastStone Image Viewer versiones anteriores incluyendo a 7.5, est\u00e1 afectado por una infracci\u00f3n de acceso de escritura en modo de usuario en 0x00402d8a, que se desencadena cuando un usuario abre o visualiza un archivo CUR malformado que el archivo FSViewer.exe maneja inapropiadamente.\u0026#xa0;Unos atacantes podr\u00edan explotar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2021-26234",
"lastModified": "2024-11-21T05:55:58.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T14:15:13.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26234-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-22 22:15
Modified
2024-12-19 18:15
Severity ?
Summary
FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1273/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE2BD8-9A5C-43AA-994C-8F3D2D6DE135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos PSD de FastStone Image Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de FastStone Image Viewer. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PSD. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-25102."
}
],
"id": "CVE-2024-9112",
"lastModified": "2024-12-19T18:15:52.733",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-22T22:15:19.863",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1273/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "454CBDB5-8A0C-4C35-82F8-806E30AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.5 tiene una violaci\u00f3n de acceso de lectura en \"Block Data Move\" que comienza en image00400000+0x0000000000002d7d mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2018-15816",
"lastModified": "2024-11-21T03:51:30.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T20:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-22 22:15
Modified
2024-11-26 20:58
Severity ?
Summary
FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1275/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE2BD8-9A5C-43AA-994C-8F3D2D6DE135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos GIF de FastStone Image Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de FastStone Image Viewer. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos GIF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-25145."
}
],
"id": "CVE-2024-9114",
"lastModified": "2024-11-26T20:58:01.907",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-22T22:15:20.107",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1275/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x00402d6a, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11703",
"lastModified": "2024-11-21T03:43:51.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 14:15
Modified
2024-11-21 05:55
Severity ?
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB16A-3B41-4691-8CE4-B8A98FA43CA2",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
},
{
"lang": "es",
"value": "FastStone Image Viewer versiones anteriores incluyendo a 7.5, est\u00e1 afectado por una infracci\u00f3n de acceso de escritura en modo de usuario en 0x00402d7d, que se desencadena cuando un usuario abre o visualiza un archivo CUR malformado que el archivo FSViewer.exe maneja inapropiadamente.\u0026#xa0;Unos atacantes podr\u00edan explotar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2021-26237",
"lastModified": "2024-11-21T05:55:58.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T14:15:13.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26237-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a \"Data from Faulting Address may be used as a return value\" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 6.2, presenta un problema de \"Data from Faulting Address may be used as a return value\" . Este problema puede ser activado con un archivo JPEG 2000 malformado que es manejado inapropiadamente por el archivo FSViewer.exe. Los atacantes podr\u00edan explotar este problema para una DoS (Violaci\u00f3n de Acceso) o posiblemente otro impacto no especificado.versi\u00f3n 6.2, presenta un problema de \"Data from Faulting Address may be used as a return value\" . Este problema puede ser activado con un archivo JPEG 2000 malformado que es manejado inapropiadamente por el archivo FSViewer.exe. Los atacantes podr\u00edan explotar este problema para una DoS (Violaci\u00f3n de Acceso) o posiblemente otro impacto no especificado."
}
],
"id": "CVE-2017-8785",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:03.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8785"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-22 22:15
Modified
2024-12-19 18:15
Severity ?
Summary
FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1274/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE2BD8-9A5C-43AA-994C-8F3D2D6DE135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos TGA de FastStone Image Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de FastStone Image Viewer. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TGA. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-25140."
}
],
"id": "CVE-2024-9113",
"lastModified": "2024-12-19T18:15:21.380",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-22T22:15:19.990",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1274/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a \"User Mode Write AV\" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 6.2, presenta un problema de \"User Mode Write AV\", posiblemente relacionado con la funci\u00f3n jpeg_mem_term en el archivo jmemnobs.c en biblioteca libjpeg. Este problema puede ser activado con un archivo JPEG malformado que es manejado inapropiadamente por el archivo FSViewer.exe. Los atacantes podr\u00edan aprovechar este problema para una DoS (Violaci\u00f3n de Acceso) o posiblemente otro impacto no especificado."
}
],
"id": "CVE-2017-8826",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:03.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8826"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "454CBDB5-8A0C-4C35-82F8-806E30AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.5 tiene una violaci\u00f3n de acceso de lectura en \"Block Data Move\" que comienza en image00400000+0x0000000000002d63 mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2018-15817",
"lastModified": "2024-11-21T03:51:30.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T20:29:00.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 14:15
Modified
2024-11-21 05:55
Severity ?
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB16A-3B41-4691-8CE4-B8A98FA43CA2",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
},
{
"lang": "es",
"value": "FastStone Image Viewer versiones anteriores incluyendo a 7.5, est\u00e1 afectado por una infracci\u00f3n de acceso de escritura en modo de usuario cercana a NULL en 0x005bdfcb, que se desencadena cuando un usuario abre o visualiza un archivo CUR malformado que el archivo FSViewer.exe maneja inapropiadamente.\u0026#xa0;unos atacantes podr\u00edan explotar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2021-26233",
"lastModified": "2024-11-21T05:55:57.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T14:15:13.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26233-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CB07C8-6BFE-4ACE-8590-77096596B058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.0 tiene un User Mode Write AV iniciando en image00400000+0x00000000001a95b1."
}
],
"id": "CVE-2019-13245",
"lastModified": "2024-11-21T04:24:31.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a95b1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x005cb509, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11701",
"lastModified": "2024-11-21T03:43:51.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x00578dd8, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11706",
"lastModified": "2024-11-21T03:43:51.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CB07C8-6BFE-4ACE-8590-77096596B058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.0 tiene un User Mode Write AV iniciando en image00400000+0x00000000001a9601."
}
],
"id": "CVE-2019-13246",
"lastModified": "2024-11-21T04:24:32.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x00000000001a9601.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21CB07C8-6BFE-4ACE-8590-77096596B058",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.0 tiene un User Mode Write AV iniciando en image00400000+0x0000000000002d7d."
}
],
"id": "CVE-2019-13244",
"lastModified": "2024-11-21T04:24:31.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:10.963",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/fsview/0x0000000000002d7d.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "454CBDB5-8A0C-4C35-82F8-806E30AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.5 tiene un vector de ataque de escritura de modo de usuario que comienza en image00400000+0x00000000001cb509 mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2018-15814",
"lastModified": "2024-11-21T03:51:30.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T20:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 13:15
Modified
2024-11-21 05:55
Severity ?
Summary
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/49660 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/49660 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB16A-3B41-4691-8CE4-B8A98FA43CA2",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer v.\u003c= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, \u0027BitCount\u0027 file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file."
},
{
"lang": "es",
"value": "FastStone Image Viewer versiones anteriores incluyendo a 7.5, est\u00e1 afectado por un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en 0x005BDF49, que afecta la funcionalidad de an\u00e1lisis de archivos CUR (estructura BITMAPINFOHEADER, campo de formato de archivo \"BitCoun\"), que terminar\u00e1 corrompiendo el Structure Exception Handler (SEH) .\u0026#xa0;Unos atacantes podr\u00edan explotar este problema para lograr una ejecuci\u00f3n de c\u00f3digo cuando un usuario abre o visualiza un archivo CUR malformado o especialmente dise\u00f1ado"
}
],
"id": "CVE-2021-26236",
"lastModified": "2024-11-21T05:55:58.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T13:15:20.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/49660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26236-faststone-image-viewer-v-7-5-stack-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://voidsec.com/fuzzing-faststone-image-viewer-cve-2021-26236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/49660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 14:15
Modified
2024-11-21 05:55
Severity ?
Summary
FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB16A-3B41-4691-8CE4-B8A98FA43CA2",
"versionEndIncluding": "7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer \u003c= 7.5 is affected by a user mode write access violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
},
{
"lang": "es",
"value": "FastStone Image Viewer versiones anteriores incluyendo a 7.5, est\u00e1 afectado por una infracci\u00f3n de acceso de escritura en modo de usuario cercana a NULL en 0x005bdfc9, que se desencadena cuando un usuario abre o visualiza un archivo CUR malformado que el archivo FSViewer.exe no maneja apropiadamente.\u0026#xa0;Unos atacantes podr\u00edan explotar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2021-26235",
"lastModified": "2024-11-21T05:55:58.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T14:15:13.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://voidsec.com/advisories/cve-2021-26235-faststone-image-viewer-v-7-5-user-mode-write-access-violation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-26 20:29
Modified
2024-11-21 03:51
Severity ?
Summary
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "454CBDB5-8A0C-4C35-82F8-806E30AAF745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.5 tiene un vector de ataque de escritura de modo de usuario que comienza en image00400000+0x00000000000e1237 mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2018-15813",
"lastModified": "2024-11-21T03:51:30.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-26T20:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x00crashes.blogspot.com/2018/08/faststone-image-viewer-65-few-crashes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-18 21:15
Modified
2024-11-21 07:14
Severity ?
Summary
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wid.cert-bund.de/portal/wid/kurzinformationen | Third Party Advisory | |
| cve@mitre.org | https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883 | Third Party Advisory | |
| cve@mitre.org | https://www.faststone.org/FSViewerDetail.htm | Product, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wid.cert-bund.de/portal/wid/kurzinformationen | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.faststone.org/FSViewerDetail.htm | Product, Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28445B71-A2CD-4A5F-AE9C-851DCBAD7FB2",
"versionEndExcluding": "7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow."
},
{
"lang": "es",
"value": "Un an\u00e1lisis no seguro en una partici\u00f3n de PNG tRNS en FastStone Image Viewer versiones hasta 7.5, resulta en un desbordamiento del b\u00fafer de la pila."
}
],
"id": "CVE-2022-36947",
"lastModified": "2024-11-21T07:14:07.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-18T21:15:08.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wid.cert-bund.de/portal/wid/kurzinformationen"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.faststone.org/FSViewerDetail.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wid.cert-bund.de/portal/wid/kurzinformationen"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.faststone.org/FSViewerDetail.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x00578cb3, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11702",
"lastModified": "2024-11-21T03:43:51.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11702"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-08 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E061D1B5-F141-46C5-95D6-66DCDEF9E57A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942."
},
{
"lang": "es",
"value": "FastStone Image Viewer v3.6 permite a atacantes con usuario asistido provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una imagen BMP mal formada con valores largos de anchura y altura, posiblemente relacionado con la cuesti\u00f3n CVE-2007-1942."
}
],
"id": "CVE-2008-5870",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-08T18:30:04.767",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4878"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6673"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x00402d7d, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11704",
"lastModified": "2024-11-21T03:43:51.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11704"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:15
Modified
2024-11-21 05:28
Severity ?
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/DmitriyMelikov | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/DmitriyMelikov | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D45C71-35A5-4053-A13E-923D1C89234E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.5, presenta una escritura fuera de l\u00edmites (por medio de un archivo de imagen dise\u00f1ado) en FSViewer.exe+0x956e"
}
],
"id": "CVE-2020-35843",
"lastModified": "2024-11-21T05:28:17.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:54.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:15
Modified
2024-11-21 05:28
Severity ?
Summary
FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/DmitriyMelikov | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/DmitriyMelikov | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D45C71-35A5-4053-A13E-923D1C89234E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf."
},
{
"lang": "es",
"value": "FastStone Image Viewer versi\u00f3n 7.5, presenta una escritura fuera de l\u00edmites (por medio de un archivo de imagen dise\u00f1ado) en FSViewer.exe+0x96cf"
}
],
"id": "CVE-2020-35845",
"lastModified": "2024-11-21T05:28:17.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:15:54.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/DmitryMeD/pentesting/blob/main/FastStone%20Image%20Viewer%207.5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/DmitriyMelikov"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-11 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 2.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9DD260-ADC0-4F74-9D2B-2CEF9DD642B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp."
},
{
"lang": "es",
"value": "Desbordamiento de entero en FastStone Image Viewer 2.9 permite a atacantes dependientes del contexto provocar denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen BMP manipulada, como se demostr\u00f3 con wh3intof.bmp y wh4intof.bmp."
}
],
"id": "CVE-2007-1942",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-11T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34664"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24784"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2558"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464726/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464726/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23312"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 01:29
Modified
2024-11-21 03:43
Severity ?
Summary
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| faststone | image_viewer | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:faststone:image_viewer:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D7F39-6197-414E-A08E-BDD7DA84A5D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
},
{
"lang": "es",
"value": "FastStone Image Viewer 6.2 tiene un AV de escritura de modo de usuario en 0x00578cc4, que se desencadena cuando el usuario abre un archivo JPEG mal formado que es gestionado err\u00f3neamente por FSViewer.exe. Los atacantes podr\u00edan explotar este problema para lograr una denegaci\u00f3n de servicio (violaci\u00f3n de acceso) o posiblemente otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-11705",
"lastModified": "2024-11-21T03:43:51.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T01:29:02.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11705"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}