CVE-2019-11932
Published 2019-10-03
Priority: P270 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 44.53% (98.6th percentile)
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android-gif-drawable_project | android-gif-drawable | < 1.2.18 | 1.2.18 |
| koral | android-gif-drawable | >= unspecified < 1.2.18 | 1.2.18 |
| | WhatsApp for Android | < 2.19.244 | 2.19.244 |
Detection & IOCs (extracted from sources)
- Exploitation overwrites the GifInfo->rewindFunction pointer with a ROP gadget address to achieve arbitrary code execution. Memory forensics or crash analysis should look for corrupted GifInfo structures with unexpected rewindFunction values.
- Vulnerable apps can be identified by extracting the bundled libpl_droidsonroids_gif.so and checking its SHA256. The known vulnerable library hash is F613296C6076DF86671D1B51739A23802169541B1057D40B2C61BF583032C9F9.
- The vulnerability exists in android-gif-drawable versions before 1.2.18. Apps on Google Play and third-party stores (1mobile, 9Apps, 91 market, APKPure, Aptoide, 360 Market, PP Assistant, QQ Market, Xiaomi Market) may still ship the vulnerable library even after WhatsApp itself was patched.
- The patched version of libpl_droidsonroids_gif.so (present in WhatsApp 2.19.291+) adds a check so that if width*height is 0, free is called and info->rasterBits is set to null, preventing the double free. A binary diff between WhatsApp 2.19.216 (vulnerable) and 2.19.291 (patched) confirms the fix.
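An added example, not code from the advisory or the library: the hash check from the detection notes above, applied to every per-ABI copy of libpl_droidsonroids_gif.so inside an APK. The function names and the constructed in-memory sample APK are assumptions of this example; the only hash used is the one quoted on this page.

```python
import hashlib
import io
import zipfile

# SHA256 of the vulnerable libpl_droidsonroids_gif.so, as quoted on this page.
KNOWN_VULNERABLE = {
    "f613296c6076df86671d1b51739a23802169541b1057d40b2c61bf583032c9f9",
}
LIB_NAME = "libpl_droidsonroids_gif.so"


def scan_apk(apk, known_bad=KNOWN_VULNERABLE):
    """Return [(zip entry, sha256, matches_known_bad)] for each bundled copy.

    `apk` is a path or a binary file object. An APK ships one copy of the
    library per ABI (lib/<abi>/...), so every copy is hashed separately.
    """
    known_bad = {h.lower() for h in known_bad}
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.filename.rsplit("/", 1)[-1] != LIB_NAME:
                continue
            digest = hashlib.sha256()
            with zf.open(info) as fh:  # stream the entry; nothing is extracted to disk
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            hexd = digest.hexdigest()
            findings.append((info.filename, hexd, hexd in known_bad))
    return findings


def verdict(findings):
    """'vulnerable' on any hash match; 'review' if the library is bundled but
    its hash is unknown (one hash does not cover every pre-1.2.18 build, so
    check the library version); 'absent' if the APK does not ship it."""
    if any(hit for _, _, hit in findings):
        return "vulnerable"
    return "review" if findings else "absent"


def make_sample_apk(entries):
    """Build a constructed in-memory APK (a plain ZIP) for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf
```

A "review" result is the common case for third-party store apps: the library is present but built for a different ABI or from a different release, so the version still has to be checked against 1.2.18.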
CVSS provenance
- NVD, CVSS v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
GHSA
android-gif-drawable Double Free vulnerability
ghsa·2022-05-24
CVE-2019-11932 [HIGH] CWE-415 android-gif-drawable Double Free vulnerability
OSV
android-gif-drawable Double Free vulnerability
osv·2022-05-24
CVE-2019-11932 [HIGH] android-gif-drawable Double Free vulnerability
No detection rules found.
Trendmicro
CVE-2019-11932 still dangerous in many apps
blogs_trendmicro·2019-11-28·CVSS 8.8
CVE-2019-11932 [HIGH] CVE-2019-11932 still dangerous in many apps
Exploitation of vulnerabilities
## CVE-2019-11932 still dangerous in many apps
An Android vulnerability is still widespread
By: Lance Jiang, Jesse Chang, Nov 28, 2019
Original post by Lance Jiang and Jesse Chang
Back in early October, CVE-2019-11932, a vulnerability in WhatsApp for Android, was made public. The flaw allows attackers to execute code remotely using specially crafted GIF files. It was patched in version 2.19.244 of WhatsApp, but the problem lies in the library libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. This flaw has also been fixed, yet many applications are still at risk because they use the older version. An techn
Trendmicro
Skimming and Phishing Scams Ahead of Black Friday
blogs_trendmicro·2019-11-27·CVSS 8.8
[HIGH] Skimming and Phishing Scams Ahead of Black Friday
Cyber Threats
# Skimming and Phishing Scams Ahead of Black Friday
Learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, read about how the p4 hacking team from Poland won Trend Micro’s Capture the Flag (CTF) competition in Tokyo.
By: Jon Clay
Nov 27, 2019
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, read about how the p4 hacking team from Poland won Trend Micro’s Capture the Flag (CTF) competition in Tokyo. Read on:
Trendmicro
Patched GIF Processing Vuln Still Affects Mobile Apps
blogs_trendmicro·2019-11-25·CVSS 8.8
CVE-2019-11932 [HIGH] Patched GIF Processing Vuln Still Affects Mobile Apps
Mobile
## Patched GIF Processing Vuln Still Affects Mobile Apps
CVE-2019-11932 - a vulnerability in WhatsApp for Android - allows remote code execution via specially crafted GIF files. Patches were released, but many apps still use older versions of the android-gif-drawable package that contain the problem.
By: Lance Jiang, Jesse Chang, Nov 25, 2019
Updated on Nov. 25 at 7:45 PM Eastern Time to add video demonstrating vulnerability.
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the
Talos
Threat Source newsletter (Oct. 24, 2019)
blogs_talos·2019-10-24
Threat Source newsletter (Oct. 24, 2019)
Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Never assume that a malware family is really dead. We’ve done it time and time again with things like Emotet, and Gustuff is proving it once again. The banking trojan, after we first discovered it earlier this year, is back with a version 2, targeting a new round of victims and deploying new anti-detection techniques.
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
### Upcoming public engagements with Talos
Event: Talos at BSides Belfast
Location: Titanic Belfast, Belfast, Northern Ireland
Date: Oct.
arXiv
PTAuth: Temporal Memory Safety via Robust Points-to Authentication
arxiv_fulltext·2020-10-26
PTAuth: Temporal Memory Safety via Robust Points-to Authentication
Reza Mirzazade Farkhani, Mansour Ahmadi, Long Lu (Northeastern University)
## Abstract
Temporal memory corruptions are commonly exploited software vulnerabilities that
can lead to powerful attacks. Despite significant progress made by decades of
research on mitigation techniques, existing countermeasures fall short due to
either limited coverage or overly high overhead. Furthermore, they require
external mechanisms (e.g., spatial memory safety) to protect their metadata.
Otherwise, their protection can be bypassed or disabled.
To address these limitations, we present robust points-to
References
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- http://seclists.org/fulldisclosure/2019/Nov/27
- https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
- https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20
- https://github.com/koral--/android-gif-drawable/pull/673
- https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9
- https://www.facebook.com/security/advisories/cve-2019-11932