Stack-Based Buffer Overflow in WhatsApp Affecting Multiple Platforms
CVE-2019-11931

7.8HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp For Ios; WhatSAPp For Windows Phone; WhatSAPp Enterprise Client
Vendor: CVE Published:; 14 November 2019

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-11931?

A stack-based buffer overflow vulnerability in WhatsApp can be exploited by sending a specially crafted MP4 file to a user. This flaw exists in the parsing of elementary stream metadata within the MP4 file, potentially leading to Denial of Service (DoS) or Remote Code Execution (RCE). It affects specific versions across Android, iOS, and WhatsApp Business platforms prior to certain updates, posing significant security risks to users.

Affected Version(s)

WhatsApp Business for Android 2.19.104

WhatsApp Business for Android < 2.19.104

WhatsApp Business for iOS 2.19.100

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

whatsapp-rce-patched
Created by kasif-dekel

References

https://www.facebook.com/security/advisories/cve-2019-11931

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 23, 2019
👾
Exploit known to exist
Nov 16, 2019
Vulnerability published
Nov 14, 2019
Vulnerability Reserved
May 13, 2019

Facebook

Badges

What is CVE-2019-11931?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline