Integer Overflow Vulnerability in WhatsApp Affects Android and iOS Versions
CVE-2019-11927

7.8 HIGH

Key Information:

Vendor: Facebook

CVE Published: 27 September 2019

What is CVE-2019-11927?

An integer overflow in WhatsApp's media parsing libraries can lead to an out-of-bounds write on the heap. The flaw is triggered when specially crafted EXIF tags are embedded in WEBP images, potentially allowing a remote attacker to exploit it and gain unauthorized access to the application. Affected versions are WhatsApp for Android prior to 2.19.143 and WhatsApp for iOS prior to 2.19.100.

Affected Version(s)

WhatsApp for Android before version 2.19.143

WhatsApp for iOS before version 2.19.100

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
