Integer Overflow Vulnerability in WhatsApp Affects Android and iOS Versions
CVE-2019-11927

7.8HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp For Ios
Vendor: CVE Published:; 27 September 2019

What is CVE-2019-11927?

An integer overflow exists within the media parsing libraries of WhatsApp, which can lead to an out-of-bounds write on the heap. This vulnerability is triggered when specially-crafted EXIF tags are embedded within WEBP images, potentially allowing a remote attacker to exploit the flaw. Affected versions include WhatsApp for Android prior to 2.19.143 and WhatsApp for iOS prior to 2.19.100, which may enable unauthorized access to the application.

Affected Version(s)

WhatsApp for Android before version 2.19.143

WhatsApp for iOS before version 2.19.100

References

https://www.facebook.com/security/advisories/cve-2019-11927

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2019
Vulnerability Reserved
May 13, 2019

Facebook

What is CVE-2019-11927?

Affected Version(s)

References

CVSS V3.1

Timeline