Login Sign Up

CVE-2019-17253

7.8 HIGH

📋 TL;DR

CVE-2019-17253 is a memory corruption vulnerability in IrfanView's JPEG-LS decoder that allows attackers to execute arbitrary code or cause denial of service. The vulnerability affects users of IrfanView 4.53 who open specially crafted JPEG-LS images. This is a local attack vector requiring user interaction.

💻 Affected Systems

Products:
  • IrfanView
Versions: 4.53
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects JPEG-LS file processing. Users must open a malicious JPEG-LS file to trigger the vulnerability.

📦 What is this software?

Irfanview by Irfanview

View all CVEs affecting Irfanview →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the IrfanView user, potentially leading to full system compromise if the user has administrative rights.

🟠

Likely Case

Application crash (denial of service) when opening malicious JPEG-LS files, with potential for limited code execution depending on exploit sophistication.

🟢

If Mitigated

Application crash without code execution if exploit fails or memory protections are effective.

🌐 Internet-Facing: LOW - Requires user to download and open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Users could be tricked into opening malicious files via email or shared drives, but requires user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires user to open malicious file. Public research demonstrates the vulnerability but weaponized exploits may exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.54 and later

Vendor Advisory: https://www.irfanview.com/main_history.htm

Restart Required: No

Instructions:

1. Download IrfanView 4.54 or later from official website. 2. Run installer. 3. Follow installation prompts. 4. Verify version is 4.54+.

🔧 Temporary Workarounds

Disable JPEG-LS plugin

windows

Remove or disable the JPEG-LS plugin to prevent processing of vulnerable file format

Move or delete Plugins\FORMATS\JPEG_LS.DLL from IrfanView installation directory

Restrict file associations

windows

Remove IrfanView as default handler for JPEG-LS files

Control Panel > Default Programs > Set Default Programs > Remove IrfanView from JPEG-LS associations

🧯 If You Can't Patch

  • Implement application whitelisting to block IrfanView execution
  • Use group policy to restrict opening of JPEG-LS files with IrfanView

🔍 How to Verify

Check if Vulnerable:

Check IrfanView version via Help > About. If version is 4.53, system is vulnerable.

Check Version:

irfanview.exe /?

Verify Fix Applied:

Verify version is 4.54 or later in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from IrfanView
  • Windows Event Logs showing IrfanView process termination

Network Indicators:

  • Unusual outbound connections after opening image files
  • File downloads of JPEG-LS format

SIEM Query:

EventID=1000 AND ProcessName="i_view32.exe" OR ProcessName="i_view64.exe"

📊 Metadata

CVE ID: CVE-2019-17253
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: October 8, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-17253, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)