Alternate Pic View 2.150 PGM CRASH POC

vendor:

Alternate Pic View

by:

Shantanu Khandelwal

7,5

CVSS

HIGH

Access Violation

119

CWE

Product Name: Alternate Pic View

Affected Version From: 2.150

Affected Version To: 2.150

Patch Exists: NO

Related CWE: unknown at the moment

CPE: a:alternate_tools:alternate_pic_view

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Sp3,Windows 7

2016

Alternate Pic View 2.150 PGM CRASH POC

Alternate Pic Viewer crashes on a faulty PGM image file. The faulty PGM file is attached as POC.

Mitigation:

Ensure that all input files are validated before being processed.

Source

Exploit-DB raw data:

# Exploit Title: Alternate Pic View 2.150 PGM CRASH POC
# Date: 14-02-2016
# Exploit Author: Shantanu Khandelwal
# Vendor Homepage: http://www.alternate-tools.com
<https://potplayer.daum.net/>
# Software Link: http://www.alternate-tools.com/pages/c_picview.php?lang=ENG
# Version: 2.150
# Tested on: Windows XP Sp3,Windows 7
# CVE : unknown at the moment

#============================================================================================
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=01e57f20 ebx=003b0178 ecx=0065014c edx=e16a9530 esi=01e57f18
edi=003b0000
eip=7c9108b2 esp=0012f448 ebp=0012f504 iopl=0 nv up ei pl nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213
#===========================================================================================

Alternate Pic Viewer crashes on a faulty PGM image file .

Faulty PGM file is attached as POC

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/