CVE-2019-11932
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Affected products
koral-- · android-gif-drawable
Public PoCs found: 21
github  github.com/dorkerdevil/CVE-2019-11932  ★ 267
github  github.com/awakened1712/CVE-2019-11932  ★ 208
github  github.com/valbrux/CVE-2019-11932-SupportApp  ★ 38
github  github.com/Err0r-ICA/WhatsPayloadRCE  ★ 34
github  github.com/kal1gh0st/WhatsAppHACK-RCE  ★ 25
github  github.com/fastmo/CVE-2019-11932  ★ 17
github  github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit  ★ 16
github  github.com/SmoZy92/CVE-2019-11932  ★ 6
github  github.com/TulungagungCyberLink/CVE-2019-11932  ★ 4
github  github.com/infiniteLoopers/CVE-2019-11932  ★ 4
github  github.com/JasonJerry/WhatsRCE  ★ 4
github  github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932  ★ 1
github  github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932  ★ 0
github  github.com/0759104103/cd-CVE-2019-11932  ★ 0
github  github.com/primebeast/CVE-2019-11932  ★ 0
github  github.com/starling021/CVE-2019-11932-SupportApp  ★ 0
github  github.com/OrdaraatSite/https-github.com-awakened171  ★ 0
github  github.com/BadAssAiras/hello  ★ 0
exploitdb  www.exploit-db.com/exploits/47515  unverified
cve_reference  packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html  unverified
cve_reference  packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html  unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
http://seclists.org/fulldisclosure/2019/Nov/27
https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20
https://github.com/koral--/android-gif-drawable/pull/673
https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9
https://www.facebook.com/security/advisories/cve-2019-11932