FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
BID:23312
Info
| Bugtraq ID: | 23312 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-1942, CVE-2008-5870 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Jan 09 2009 06:12PM |
| Credit: | Ivan Fratric is credited with the discovery of these vulnerabilities. |
| Vulnerable: | FastStone Image Viewer 3.6, FastStone Image Viewer 2.9 |
| Not Vulnerable: | |
Discussion
FastStone Image Viewer is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.
Successfully exploiting these issues allows attackers to crash the affected application. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.
FastStone Image Viewer 2.9 and 3.6 are affected.
Exploit / POC
The following examples are available. The resulting files 'wh3intof.bmp', 'wh4intof.bmp', and 'open_me.bmp' are relevant to this BID.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- FastStone Image Viewer Homepage (FastStone)
- Several Windows image viewers vulnerabilities (Ivan Fratric)
- FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit ([email protected])
- Several Windows image viewers vulnerabilities ("Ivan Fratric")