PT-2019-12563 · Facebook · Whatsapp For Android+1

Published

2019-09-27

Updated

2020-10-08

CVE-2019-11927

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WhatsApp for Android versions prior to 2.19.143 WhatsApp for iOS versions prior to 2.19.100

Description An integer overflow in media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.

Recommendations For WhatsApp for Android versions prior to 2.19.143, update to version 2.19.143 or later. For WhatsApp for iOS versions prior to 2.19.100, update to version 2.19.100 or later.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2019-11927

Affected Products

Whatsapp For Android

Whatsapp For Ios

PT-2019-12563 · Facebook · Whatsapp For Android+1

CVE-2019-11927

Weakness Enumeration

Related Identifiers

Affected Products

References · 3