CVE-2019-17245

7.8 HIGH

📋 TL;DR

CVE-2019-17245 is a memory corruption vulnerability in IrfanView's WSQ file parser that allows attackers to execute arbitrary code or cause denial of service. The vulnerability affects users who open malicious WSQ image files with IrfanView 4.53. Attackers can exploit this by tricking users into opening specially crafted WSQ files.

💻 Affected Systems

Products:
  • IrfanView
Versions: 4.53
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the WSQ file format handler. Users must open a malicious WSQ file to trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the IrfanView user, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the IrfanView process context.

🟢 If Mitigated

Application crash with no further impact if proper sandboxing or application whitelisting is in place.

🌐 Internet-Facing: LOW - IrfanView is typically not an internet-facing service, but malicious files could be delivered via web or email.
🏢 Internal Only: MEDIUM - Users opening untrusted WSQ files from internal shares or email attachments could be affected.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction to open a malicious file. The vulnerability is in the WSQ parsing code at WSQ!ReadWSQ+0x4359.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.54 and later

Vendor Advisory: https://www.irfanview.com/main_history.htm

Restart Required: No

Instructions:

1. Download IrfanView 4.54 or later from www.irfanview.com.
2. Run the installer.
3. Follow installation prompts to update.

🔧 Temporary Workarounds

Disable WSQ file association (Windows)

Remove IrfanView as the default handler for WSQ files so that opening a WSQ file does not launch the vulnerable parser.

Control Panel > Default Programs > Set Associations > Find .WSQ > Change program to another application

Block WSQ files at perimeter (all platforms)

Configure email/web gateways to block WSQ file attachments.

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of potential code execution.
  • Implement application whitelisting to prevent unauthorized executables from running.

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version via Help > About. If version is 4.53, the system is vulnerable.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify IrfanView version is 4.54 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from IrfanView
  • Windows Event Logs showing IrfanView process termination

Network Indicators:

  • Unusual outbound connections from IrfanView process

SIEM Query:

source="windows" AND (process_name="i_view64.exe" OR process_name="i_view32.exe") AND event_id=1000
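
The same check run locally on a Windows host, as an added example that is not part of the original advisory: it lists IrfanView crashes recorded as Application Error events (Event ID 1000) and shows the application version and faulting module from each record. The 30-day window and the `WSQ*` module-name match are assumptions; the match is derived from the `WSQ!ReadWSQ` symbol quoted above.

```powershell
# Added example: triage IrfanView crashes logged as Application Error, Event ID 1000.
# Assumptions (not from the advisory): the 30-day look-back window, and that a crash
# inside the WSQ parser reports a faulting module whose name starts with "WSQ".
$since   = (Get-Date).AddDays(-30)
$targets = 'i_view32.exe', 'i_view64.exe'   # process names from the SIEM query above

Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = $since
    } -ErrorAction SilentlyContinue |        # no matching events is not an error here
    Where-Object { $targets -contains $_.Properties[0].Value } |
    ForEach-Object {
        # Event 1000 field order: 0 = application name, 1 = application version,
        # 3 = faulting module name, 6 = exception code, 7 = fault offset.
        [pscustomobject]@{
            TimeCreated   = $_.TimeCreated
            Computer      = $_.MachineName
            Application   = $_.Properties[0].Value
            AppVersion    = $_.Properties[1].Value
            FaultModule   = $_.Properties[3].Value
            ExceptionCode = $_.Properties[6].Value
            FaultOffset   = $_.Properties[7].Value
            WsqModule     = $_.Properties[3].Value -like 'WSQ*'
        }
    } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

Rows with `WsqModule` set to `True` are the crashes worth correlating with any WSQ file the user opened at that time; `AppVersion` shows which IrfanView build crashed.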
