Skip to main content

FastStone Image Viewer EUVDEUVD-2026-39773

| CVE-2026-30041 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-06-26 cve@mitre.org GHSA-qqfj-jwq4-rqmg
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.8 HIGH

File must be opened locally by a victim, so AV:L and UI:R; claimed arbitrary code execution justifies C:H/I:H/A:H rather than the input vector's availability-only impact.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 26, 2026 - 17:35 vuln.today
CVSS changed
Jun 26, 2026 - 17:22 NVD
7.5 (HIGH)
CVE Published
Jun 26, 2026 - 15:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.

AnalysisAI

Arbitrary code execution and denial of service in FastStone Image Viewer 8.3 occur when the application parses a maliciously crafted Photoshop (PSD) file, triggering an integer overflow in its PSD parsing component. Affected users are those who open attacker-supplied PSD files in this Windows freeware image viewer; successful exploitation can crash the application or, per the reporter and tags, lead to code execution in the user's context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious PSD file
Delivery
Deliver via email or web download
Exploit
User opens file in viewer
Execution
Integer overflow in PSD parser
Persist
Memory corruption
Impact
Code execution or application crash

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open a specifically crafted PSD (Photoshop) file in FastStone Image Viewer 8.3 - the malformed PSD itself is the precondition, processed by the viewer's PSD parser. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and partly inconsistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker emails or hosts a crafted PSD file with manipulated header/dimension fields and lures a victim into opening it in FastStone Image Viewer 8.3. When the viewer parses the file, the integer overflow corrupts memory, crashing the application (DoS) or potentially executing attacker-supplied code in the victim's user context. …
Remediation No vendor-released patch version is identified in the available data, so the primary action is to monitor the vendor's download page (https://www.faststone.org/FSIVDownload.htm) and the CERT/CC note (https://kb.cert.org/vuls/id/936962) for a fixed release beyond 8.3 and upgrade as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all FastStone Image Viewer 8.3 installations across the organization. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39773 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy