CVE-2019-11933 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Whatsapp FOR Android

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

6.3%

top 9.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp FOR Android Libpl Droidsonroids GIF Project Libpl Droidsonroids GIF Whatsapp

Timeline

PublishedOct 23

Latest updateMay 24

Description

A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5facebook/whatsapp_for_androidunspecified — 2.19.291+1

▶NVDwhatsapp/whatsapp< 2.19.291

▶NVDlibpl_droidsonroids_gif_project/libpl_droidsonroids_gif< 1.2.19

🔴Vulnerability Details

GHSA

GHSA-4hmc-9q64-h23p: A heap buffer overflow bug in libpl_droidsonroids_gif before 1↗2022-05-24

▶

CVEList

CVE-2019-11933: A heap buffer overflow bug in libpl_droidsonroids_gif before 1↗2019-10-23

▶