CVE-2019-11931

Published: Nov 14, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Affected (6)

Products: Whatsapp: Whatsapp, Whatsapp Business, Whatsapp Enterprise Client

3 products

Whatsapp Business

Whatsapp Enterprise Client

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Whatsapp Whatsapp	Before 2.19.274
Whatsapp Whatsapp	Before 2.19.100
Whatsapp Whatsapp	Up to 2.18.368
Whatsapp Whatsapp Business	Before 2.19.104
Whatsapp Whatsapp Business	Before 2.19.100
Whatsapp Whatsapp Enterprise Client	Before 2.25.3

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.facebook.com/security/advisories/cve-2019-11931

Source: cve-assign@fb.com

Third Party Advisory

https://www.facebook.com/security/advisories/cve-2019-11931

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.