CVE-2019-11931Stack-based Buffer Overflow in Whatsapp Business FOR Android

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 34.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Facebook Whatsapp Business FOR AndroidFacebook Whatsapp Business FOR IOSFacebook Whatsapp Enterprise Client+6 more
Timeline
PublishedNov 14
Latest updateMay 24

Description

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5facebook/whatsapp_business_for_androidunspecified2.19.104+1
NVDwhatsapp/whatsapp_business< 2.19.100+1
CVEListV5facebook/whatsapp_for_androidunspecified2.19.274+1
CVEListV5facebook/whatsapp_business_for_iosunspecified2.19.100+1
CVEListV5facebook/whatsapp_enterprise_clientunspecified2.25.3+1

🔴Vulnerability Details

3
GHSA
GHSA-6c69-f792-7pq7: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user2022-05-24
Project0
Fuzzing ImageIO - Project Zero2020-04-01
CVEList
CVE-2019-11931: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user2019-11-14
CVE-2019-11931 — Stack-based Buffer Overflow | cvebase