Vulnerabilities > CVE-2019-11931 - Out-of-bounds Write vulnerability in Whatsapp

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Vulnerable Configurations

Part Description Count
Application
Whatsapp
277

Common Weakness Enumeration (CWE)

The Hacker News

idTHN:F5C16B83ACEF91286F045BBF1C48AAFD
last seen2019-11-16
modified2019-11-16
published2019-11-16
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html
titleNew WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices