PT-2019-6106 · Facebook · Whatsapp Business+1
Published
2019-12-02
·
Updated
2021-09-03
·
CVE-2020-1910
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WhatsApp versions prior to v2.21.1.13
WhatsApp Business versions prior to v2.21.1.13
Description
The issue is related to a missing bounds check in the
applyFilterIntoBuffer() function, which can lead to out-of-bounds read and write. This can occur when a user applies specific image filters to a specially crafted image and sends the resulting image. The vulnerability can allow a remote attacker to cause a denial of service or access sensitive information from the WhatsApp memory.Recommendations
For WhatsApp versions prior to v2.21.1.13, update to version v2.21.1.13 or later.
For WhatsApp Business versions prior to v2.21.1.13, update to version v2.21.1.13 or later.
As a temporary workaround, consider avoiding the use of specific image filters in WhatsApp until the issue is resolved.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Whatsapp
Whatsapp Business