Which software is affected by CVE-2019-11932?

WhatsApp for Android versions up to 2.19.244 and other Android applications using the android-gif-drawable library versions up to 1.2.18 are affected by CVE-2019-11932.

How severe is CVE-2019-11932?

CVE-2019-11932 has a severity score of 8.8 (high).

How can CVE-2019-11932 be exploited?

CVE-2019-11932 can be exploited by remote attackers to execute arbitrary code or cause a denial of service.

Is there a fix available for CVE-2019-11932?

Yes, updating to android-gif-drawable library version 1.2.18 or above and WhatsApp for Android version 2.19.244 or above will fix CVE-2019-11932.

Vulnerability/
CVE-2019-11932

high

8.8

CWE

415

3/10/2019

4/8/2024

CVE-2019-11932: Double Free

Q: What is CVE-2019-11932?

CVE-2019-11932 is a double free vulnerability in the DDGifSlurp function in the android-gif-drawable library before version 1.2.18, allowing remote attackers to execute arbitrary code or cause a denial of service.

First published: Thu Oct 03 2019(Updated: )

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

Credit: cve-assign@fb.com

Affected Software	Affected Version	How to fix
Whatsapp Whatsapp	<2.19.244
Android-gif-drawable Project Android-gif-drawable	<1.2.18

Remedy

https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11932?
CVE-2019-11932 is a double free vulnerability in the DDGifSlurp function in the android-gif-drawable library before version 1.2.18, allowing remote attackers to execute arbitrary code or cause a denial of service.
Which software is affected by CVE-2019-11932?
WhatsApp for Android versions up to 2.19.244 and other Android applications using the android-gif-drawable library versions up to 1.2.18 are affected by CVE-2019-11932.
How severe is CVE-2019-11932?
CVE-2019-11932 has a severity score of 8.8 (high).
How can CVE-2019-11932 be exploited?
CVE-2019-11932 can be exploited by remote attackers to execute arbitrary code or cause a denial of service.
Is there a fix available for CVE-2019-11932?
Yes, updating to android-gif-drawable library version 1.2.18 or above and WhatsApp for Android version 2.19.244 or above will fix CVE-2019-11932.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/remedy
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
vendor/whatsapp
canonical/whatsapp whatsapp
vendor/android-gif-drawable project
canonical/android-gif-drawable project android-gif-drawable

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.