Vulnerabilities > CVE-2019-11419 - NULL Pointer Dereference vulnerability in Tencent Wechat

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

tencent

CWE-476

exploit available

NVD

Published: 2019-05-14

Updated: 2023-03-01

Summary

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.

Vulnerable Configurations

Part	Description	Count
Application	Tencent Tencent Wechat 6.3.18 Tencent Wechat 6.3.22 Tencent Wechat 6.3.23 Tencent Wechat 6.3.25 Tencent Wechat 6.3.28 Tencent Wechat 6.3.31 Tencent Wechat 6.3.32 Tencent Wechat 6.5.3 Tencent Wechat 6.5.4 Tencent Wechat 6.5.7 Tencent Wechat 6.5.8 Tencent Wechat 6.5.10 Tencent Wechat 6.5.13 Tencent Wechat 6.5.16 Tencent Wechat 6.5.23 Tencent Wechat 6.6.1 Tencent Wechat 6.6.2 Tencent Wechat 6.6.6 Tencent Wechat 6.6.7 Tencent Wechat 6.7.3 Tencent Wechat 7.0.0 Tencent Wechat 7.0.3	22

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Exploit-Db

file	exploits/android/dos/46853.txt
id	EDB-ID:46853
last seen	2019-05-16
modified	2019-05-16
platform	android
port
published	2019-05-16
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46853
title	WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
type	dos

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References