CVE-2019-11931
published 2019-11-14

Priority: P3 · 38 · high · 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.32% (67.3th percentile)

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| facebook | whatsapp_business_for_android | | |
| facebook | whatsapp_business_for_android | >= unspecified < 2.19.104 | 2.19.104 |
| facebook | whatsapp_business_for_ios | | |
| facebook | whatsapp_business_for_ios | >= unspecified < 2.19.100 | 2.19.100 |
| facebook | whatsapp_enterprise_client | | |
| facebook | whatsapp_enterprise_client | >= unspecified < 2.25.3 | 2.25.3 |
| facebook | whatsapp_for_android | | |
| facebook | whatsapp_for_android | >= unspecified < 2.19.274 | 2.19.274 |
| facebook | whatsapp_for_ios | | |
| facebook | whatsapp_for_ios | >= unspecified < 2.19.100 | 2.19.100 |
| facebook | whatsapp_for_windows_phone | unspecified – 2.18.368 | |
| whatsapp | whatsapp | < 2.19.100 | 2.19.100 |
| whatsapp | whatsapp | < 2.19.274 | 2.19.274 |
| whatsapp | whatsapp | <= 2.18.368 | |
| whatsapp | whatsapp_business | < 2.19.100 | 2.19.100 |
| whatsapp | whatsapp_business | < 2.19.104 | 2.19.104 |
| whatsapp | whatsapp_enterprise_client | < 2.25.3 | 2.25.3 |

CVSS provenance

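| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |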