CVE-2019-12895

Vulnerability

In Alternate Pic View 2.600, the Exception Handler Chain is corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. This vulnerability is triggered when the application processes a malformed image file, as demonstrated in reference [1] with fuzzed samples. The crash manifests as a write access violation or instruction pointer read violation.

Exploitation

An attacker needs to deliver a specially crafted file to a user running Alternate Pic View 2.600 and convince them to open it. No special network position or authentication is required beyond user interaction. The fuzzed samples in the reference cause the application to hit the corrupted exception handler chain, resulting in a crash.

Impact

Exploitation leads to a denial of service via application crash. The reference does not demonstrate code execution, only a user-mode write access violation, a read access violation at the instruction pointer, and a corrupted exception handler chain. The impact is limited to availability loss.

Mitigation

No official fix or patched version has been released as of the publication date. Users should avoid opening untrusted image files with Alternate Pic View 2.600. The software may be considered end-of-life; no update is available. Reference [1] does not indicate a KEV listing.