Advisories

A non-exhaustive list of vulnerabilities and CVEs discovered by VoidSec that are public or were released through vulnerability affiliation programs.

All releases are governed by our Vulnerability Disclosure Policy.


Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49 in the CUR file parsing functionality (BITMAPINFOHEADER structure, 'BitCount' file format field) that ends up corrupting the Structured Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
https://voidsec.com/tivoli-madness/