FastStone Image Viewer 7.5

FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e, 0xbe9c4, and 0x96cf.

CVE-2020-35843

The bug

eax=04040404 ebx=00015330 ecx=000001ba edx=0000000d esi=053e3b20 edi=0098c6ec

eip=0040956e esp=0018e594 ebp=0018e600 iopl=0 nv up ei pl nz na po nc

cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202

*** ERROR: Module load completed but symbols could not be loaded for image00400000

image00400000+0x956e:

0040956e 8938 mov dword ptr [eax],edi ds:002b:04040404=00650074

CVE-2020-35844

The bug

eax=003f15e0 ebx=000002b4 ecx=0278ba20 edx=00003400 esi=03bf696c edi=00d21da0

eip=004be9c4 esp=0018e210 ebp=0018e21c iopl=0 nv up ei pl zr na pe nc

cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246

*** WARNING: Unable to verify checksum for image00400000

*** ERROR: Module load completed but symbols could not be loaded for image00400000

image00400000+0xbe9c4:

004be9c4 8a0401 mov al,byte ptr [ecx+eax] ds:002b:02b7d000=??

CVE-2020-35845

The bug

eax=3b3bdf63 ebx=3b3bdf60 ecx=0018e5f0 edx=055213f0 esi=053e3b20 edi=00000000

eip=004096cf esp=0018e5fc ebp=0018e664 iopl=0 nv up ei pl nz na po nc

cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202

*** WARNING: Unable to verify checksum for image00400000

*** ERROR: Module load completed but symbols could not be loaded for image00400000

image00400000+0x96cf:

004096cf 895c33f8 mov dword ptr [ebx+esi-8],ebx ds:002b:407a1a78=????????
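
A crash-triage sketch added here, not part of the original advisory: it parses the faulting `mov` line from each dump above, recomputes the effective address from the listed registers, and reports whether the faulting access is a read or a write. The `CRASHES` table, the function names and the simplified operand grammar (base + index +/- displacement, no scale, `mov` only) are assumptions of this example.

```python
import re

# Constructed input: register values and faulting-instruction lines copied from
# the three WinDbg dumps on this page, keyed by the module offset.
CRASHES = {
    "0x956e": ({"eax": 0x04040404, "edi": 0x0098c6ec},
               "0040956e 8938 mov dword ptr [eax],edi ds:002b:04040404=00650074"),
    "0xbe9c4": ({"eax": 0x003f15e0, "ecx": 0x0278ba20},
                "004be9c4 8a0401 mov al,byte ptr [ecx+eax] ds:002b:02b7d000=??"),
    "0x96cf": ({"ebx": 0x3b3bdf60, "esi": 0x053e3b20},
               "004096cf 895c33f8 mov dword ptr [ebx+esi-8],ebx ds:002b:407a1a78=????????"),
}

# eip, opcode bytes, "mov dst,src", then WinDbg's "ds:sel:address=value" annotation.
INSN = re.compile(r"^[0-9a-f]{8} [0-9a-f]+ mov (?P<dst>[^,]+),(?P<src>.+?)"
                  r" ds:[0-9a-f]{4}:(?P<addr>[0-9a-f]{8})=(?P<val>\S+)$")
MEM = re.compile(r"\[([^\]]+)\]")

def effective_address(expr, regs):
    """Evaluate base+index+/-disp (hex displacement, no scale) as a 32-bit address."""
    total = 0
    for sign, term in re.findall(r"([+-]?)([0-9a-z]+)", expr):
        value = regs[term] if term in regs else int(term, 16)
        total += -value if sign == "-" else value
    return total & 0xFFFFFFFF

def triage(regs, line):
    """Classify the faulting access and cross-check the address against the dump."""
    m = INSN.match(line)
    if m is None:
        raise ValueError("unrecognised disassembly line: " + line)
    dst_mem = MEM.search(m["dst"])           # memory operand as destination => write
    mem = dst_mem or MEM.search(m["src"])    # otherwise it is the source => read
    if mem is None:
        raise ValueError("no memory operand in: " + line)
    ea = effective_address(mem.group(1), regs)
    return {
        "access": "write" if dst_mem else "read",
        "address": ea,
        "matches_dump": ea == int(m["addr"], 16),  # agrees with WinDbg's ds: address
        "readable": "?" not in m["val"],           # WinDbg prints ?? for unreadable memory
    }

if __name__ == "__main__":
    for offset, (regs, line) in CRASHES.items():
        t = triage(regs, line)
        print(offset, t["access"], hex(t["address"]), t["matches_dump"], t["readable"])
```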