Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
File must be opened locally by a victim, so AV:L and UI:R; claimed arbitrary code execution justifies C:H/I:H/A:H rather than the input vector's availability-only impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.
AnalysisAI
Arbitrary code execution and denial of service in FastStone Image Viewer 8.3 occur when the application parses a maliciously crafted Photoshop (PSD) file, triggering an integer overflow in its PSD parsing component. Affected users are those who open attacker-supplied PSD files in this Windows freeware image viewer; successful exploitation can crash the application or, per the reporter and tags, lead to code execution in the user's context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a specifically crafted PSD (Photoshop) file in FastStone Image Viewer 8.3 - the malformed PSD itself is the precondition, processed by the viewer's PSD parser. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and partly inconsistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails or hosts a crafted PSD file with manipulated header/dimension fields and lures a victim into opening it in FastStone Image Viewer 8.3. When the viewer parses the file, the integer overflow corrupts memory, crashing the application (DoS) or potentially executing attacker-supplied code in the victim's user context. … |
| Remediation | No vendor-released patch version is identified in the available data, so the primary action is to monitor the vendor's download page (https://www.faststone.org/FSIVDownload.htm) and the CERT/CC note (https://kb.cert.org/vuls/id/936962) for a fixed release beyond 8.3 and upgrade as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all FastStone Image Viewer 8.3 installations across the organization. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39773
GHSA-qqfj-jwq4-rqmg