Skip to main content

Whatsapp CVE-2019-11931

HIGH
Stack-based Buffer Overflow (CWE-121)
2019-11-14 cve-assign@fb.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 23:15 nvd
HIGH 7.8

DescriptionNVD

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

AnalysisAI

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-121. A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. Affected products include: Whatsapp, Whatsapp Whatsapp Business, Whatsapp Whatsapp Enterprise Client. Version information: prior to 2.19.274.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-36934 CRITICAL POC
9.8 Sep 22

An integer overflow in WhatsApp could result in remote code execution in an established video call. Rated critical sever

CVE-2019-11932 HIGH POC
8.8 Oct 03

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version

CVE-2022-27492 HIGH POC
7.8 Sep 23

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Rated high

CVE-2018-6344 HIGH POC
7.5 Dec 31

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. Rated high

CVE-2021-24041 CRITICAL
9.8 Dec 07

A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android

CVE-2021-24026 CRITICAL
9.8 Apr 06

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, W

CVE-2020-1909 CRITICAL
9.8 Nov 03

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.2

CVE-2020-1907 CRITICAL
9.8 Oct 06

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, Wha

CVE-2020-1891 CRITICAL
9.8 Sep 03

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android

CVE-2019-11933 CRITICAL
9.8 Oct 23

A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19

CVE-2019-3568 CRITICAL
9.8 May 14

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTC

CVE-2021-24035 CRITICAL
9.1 Jun 11

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for

Share

CVE-2019-11931 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy