PT-2019-12304 · Tencent · Wechat

Hong Nhat Pham · Published 2019-05-14 · Updated 2023-03-01 · CVE-2019-11419

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: WeChat application through 7.0.3 for Android

Description: The issue allows attackers to cause a denial of service, resulting in an application crash. This is achieved by replacing an emoji file under the /sdcard/tencent/MicroMsg directory with a crafted .wxgf file. The content of this replacement file must be derived from the phone's IMEI. The application crash occurs when a message containing the replaced emoji is received.

Recommendations: For WeChat application version 7.0.3 and earlier, consider removing or restricting access to the crafted .wxgf file until a patch is available. As a temporary workaround, avoid using the replaced emoji in messages to prevent the application crash.

Exploit

Fix

Weakness Enumeration: NULL Pointer Dereference

Related Identifiers: CVE-2019-11419

Affected Products: Wechat