CVE-2019-11932 - Double Free vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
whatsapp
android-gif-drawable-project
CWE-415
exploit available

Summary

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

Vulnerable Configurations

Part | Description | Count
Application | Whatsapp | 250
Application | Android-Gif-Drawable_Project | 49

Common Weakness Enumeration (CWE)

Exploit-Db

id: EDB-ID:47515
last seen: 2019-10-16
modified: 2019-10-16
published: 2019-10-16
reporter: Exploit-DB
source: https://www.exploit-db.com/download/47515
title: Whatsapp 2.19.216 - Remote Code Execution

Packetstorm

data source: https://packetstormsecurity.com/files/download/154867/whatsapp219216-exec.txt
id: PACKETSTORM:154867
last seen: 2019-10-16
published: 2019-10-16
reporter: Valerio Brussani
source: https://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
title: Whatsapp 2.19.216 Remote Code Execution

The Hacker News

id: THN:FBDE32225A323B324753EA6904B36261
last seen: 2019-10-03
modified: 2019-10-03
published: 2019-10-03
reporter: The Hacker News
source: https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
title: Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp