PT-2019-12567 · Facebook · WhatsApp Business for iOS +3

Published: 2019-11-14 · Updated: 2019-11-19 · CVE-2019-11931

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WhatsApp versions prior to 2.19.274 (Android)
WhatsApp versions prior to 2.19.100 (iOS)
WhatsApp Enterprise Client versions prior to 2.25.3
WhatsApp Business for Android versions prior to 2.19.104
WhatsApp Business for iOS versions prior to 2.19.100

Description

A stack-based buffer overflow could be triggered by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a Denial of Service (DoS) or Remote Code Execution (RCE). This could allow attackers to hack targeted devices remotely and install spyware on them.

Recommendations

For Android versions prior to 2.19.274, update to version 2.19.274 or later.
For iOS versions prior to 2.19.100, update to version 2.19.100 or later.
For Enterprise Client versions prior to 2.25.3, update to version 2.25.3 or later.
For Business for Android versions prior to 2.19.104, update to version 2.19.104 or later.
For Business for iOS versions prior to 2.19.100, update to version 2.19.100 or later.

As a temporary workaround, consider avoiding the use of MP4 files in WhatsApp until the issue is resolved.

Exploit

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-11931

Affected Products

WhatsApp
WhatsApp Business for Android
WhatsApp Business for iOS
WhatsApp Enterprise Client