CVE-2026-30041
Integer Overflow in FastStone Image Viewer PSD Parser

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: MITRE

Description
An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by supplying a crafted PSD file.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: faststone
Product: faststone_image_viewer
Version / Range: to 8.5 (exc)
CWE ID: CWE-400
Description: The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

CVE-2026-30041 is an integer overflow vulnerability in the PSD (Photoshop Document) parser component of FastStone Image Viewer version 8.3 and earlier.

The vulnerability occurs due to insufficient validation of the height value in PSD files, which can lead to a heap-based buffer overflow.

An attacker can exploit this by supplying a specially crafted PSD file that triggers the overflow when processed by the software.

This can result in arbitrary code execution or cause a denial of service (application crash).

The vulnerability can be triggered without direct user interaction, for example during automatic operations like thumbnail generation.

Impact Analysis

Exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected system, potentially gaining control over the program's execution flow.

This could lead to unauthorized actions depending on the privileges of the user running FastStone Image Viewer.

Alternatively, the vulnerability can cause a persistent denial of service by crashing the application when processing a malicious PSD file.

Since the vulnerability can be triggered without user interaction, simply opening or previewing a crafted PSD file could compromise the system.

Detection Guidance

Detection of this vulnerability involves identifying the presence of FastStone Image Viewer version 8.3 or earlier on your system, as these versions contain the vulnerable PSD parser.

Since the vulnerability is triggered by processing crafted PSD files, monitoring for unexpected crashes or abnormal behavior when opening or generating thumbnails of PSD files can be an indicator.

There are no specific commands provided to detect exploitation attempts or the vulnerability itself.

  • Check installed FastStone Image Viewer version: Open the application and verify the version number in the About section.
  • Monitor application logs or system event logs for crashes related to FastStone Image Viewer.
  • Use file integrity monitoring to detect unexpected PSD files being opened or processed.

Mitigation Strategies

Immediate mitigation steps include restricting the download and opening of PSD files from untrusted or unknown sources to prevent processing of malicious files.

Run FastStone Image Viewer under a limited local user account to reduce the impact of potential exploitation.

Since no patch is currently available, consider upgrading to FastStone Image Viewer version 8.5 or later once it is confirmed to address this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
