Vulnerabilities > CVE-2019-11419 - NULL Pointer Dereference vulnerability in Tencent Wechat
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
file | exploits/android/dos/46853.txt |
id | EDB-ID:46853 |
last seen | 2019-05-16 |
modified | 2019-05-16 |
platform | android |
port | |
published | 2019-05-16 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46853 |
title | WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service |
type | dos |
References
- http://packetstormsecurity.com/files/152947/WeChat-7.0.4-Denial-Of-Service.html
- http://packetstormsecurity.com/files/152947/WeChat-7.0.4-Denial-Of-Service.html
- https://awakened1712.github.io/hacking/hacking-wechat-dos/
- https://awakened1712.github.io/hacking/hacking-wechat-dos/
- https://www.exploit-db.com/exploits/46853
- https://www.exploit-db.com/exploits/46853