Description
An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.
Published: 2026-06-26
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an in the PSD parser component of FastStone Image Viewer v8.3. When the parser processes a specially crafted PSD file, the overflow allows an attacker to overwrite memory locations that can lead to arbitrary code execution or crash the application.

Affected Systems

Only FastStone Image Viewer v8.3 is known to contain the flaw. The affected component is the PSD parser used to read Photoshop PSD files.

Risk and Exploitability

Because the exploit requires a user to open a malicious PSD file, the risk is significant for machines that may view untrusted images. The CVSS score of 7.5 indicates high severity, while the lack of an EPSS score or KEV listing does not diminish the potential for exploitation. Official patch information is not available, but the vulnerability can be mitigated by updating the application or restricting file processing.

Generated by OpenCVE AI on June 26, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of FastStone Image Viewer that includes the PSD parser fix once it is released.
  • Do not open PSD files from untrusted or unknown sources.
  • If an upgrade is not possible, disable PSD file support or force use of a sandboxed environment to reduce privilege during image rendering.

Generated by OpenCVE AI on June 26, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in FastStone Image Viewer PSD Parser Enables Remote Code Execution and DoS

Fri, 26 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in FastStone Image Viewer PSD Parser Enables Arbitrary Code Execution
First Time appeared Faststone
Faststone image Viewer
Weaknesses CWE-680
Vendors & Products Faststone
Faststone image Viewer

Fri, 26 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in FastStone Image Viewer PSD Parser Enables Arbitrary Code Execution
Weaknesses CWE-680

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.
References

Subscriptions

Faststone Image Viewer
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-26T16:04:09.090Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30041

cve-icon Vulnrichment

Updated: 2026-06-26T16:04:04.894Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T20:30:06Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption