CVE-2019-17241

7.8 HIGH

📋 TL;DR

CVE-2019-17241 is a memory corruption vulnerability in IrfanView's WSQ file parser that allows attackers to execute arbitrary code by tricking users into opening a malicious WSQ image file. This affects all users of IrfanView 4.53 who process untrusted WSQ files. The vulnerability occurs due to improper memory handling when reading WSQ files.

💻 Affected Systems

Products:
  • IrfanView
Versions: 4.53 specifically (check history for other potentially affected versions)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when opening WSQ files; default installations with file associations for WSQ are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the IrfanView user, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the IrfanView process, though full RCE is possible with crafted exploits.

🟢 If Mitigated

Application crash with no further impact if exploit fails or is detected by security controls.

🌐 Internet-Facing: MEDIUM - Attackers could host malicious WSQ files on websites or in emails, but requires user interaction to open the file.
🏢 Internal Only: LOW - Primarily a client-side vulnerability; internal network exposure is limited unless WSQ files are commonly shared internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction to open a malicious file. Public research demonstrates the vulnerability, and weaponized exploits may exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.54 and later

Vendor Advisory: https://www.irfanview.com/main_history.htm

Restart Required: No

Instructions:

1. Download the latest IrfanView from the official website.
2. Install over the existing version.
3. Verify the version is 4.54 or higher.

🔧 Temporary Workarounds

Disable WSQ file association (Windows)

Remove IrfanView as default handler for WSQ files to prevent automatic exploitation

Control Panel > Default Programs > Set Associations > Find .wsq > Change program

Block WSQ files at perimeter (all platforms)

Filter WSQ files at email gateways and web proxies

🧯 If You Can't Patch

  • Restrict user permissions to limit damage from potential code execution
  • Use application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version: Help > About or irfanview.exe properties

Check Version:

irfanview.exe /?

Verify Fix Applied:

Confirm the version is 4.54 or higher and test with a known malicious WSQ file in a safe environment.

📡 Detection & Monitoring

Log Indicators:

  • IrfanView crash logs
  • Windows Application Error events with WSQ in filename

Network Indicators:

  • WSQ file downloads from untrusted sources

SIEM Query:

EventID=1000 AND Source='Application Error' AND ProcessName='i_view32.exe'
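
The SIEM query above, run as a local PowerShell hunt against the Application log (an added example, not part of the original advisory). Assumptions: the usual field order of Application Error event 1000 (application name, application version, faulting module, exception code, application path at indexes 0, 1, 3, 6 and 10), a 14-day lookback, and the 64-bit binary name i_view64.exe alongside the page's i_view32.exe.

```powershell
# Added example: list IrfanView crashes recorded as Application Error / Event ID 1000.
# Assumptions (not from the advisory): 14-day lookback, i_view64.exe as the
# 64-bit binary name, and the standard property order of event 1000.
$Names = 'i_view32.exe', 'i_view64.exe'
$Since = (Get-Date).AddDays(-14)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Since
}

# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $Names -contains $_.Properties[0].Value } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated    = $_.TimeCreated
            Computer       = $_.MachineName
            Application    = $_.Properties[0].Value   # faulting application name
            AppVersion     = $_.Properties[1].Value   # file version of that binary
            FaultingModule = $_.Properties[3].Value   # module where the fault occurred
            ExceptionCode  = $_.Properties[6].Value   # e.g. c0000005 for an access violation
            AppPath        = $_.Properties[10].Value  # full path of the crashed binary
        }
    }

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Output "No IrfanView crashes recorded since $Since."
}
```

The AppVersion column is the file version recorded in the crash event, which helps pick out hosts that have not yet been updated.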
