Allele Security Alert
ASA-2019-00548
Identifier(s)
ASA-2019-00548, CVE-2019-11927
Title
Integer overflow in media parsing libraries via specially-crafted EXIF tags in WEBP images
Vendor(s)
Product(s)
Facebook WhatsApp
Affected version(s)
WhatsApp for iOS before version v2.19.100
WhatsApp for Android before version 2.19.243
Fixed version(s)
WhatsApp for iOS version v2.19.100
WhatsApp for Android version 2.19.243
Proof of concept
Unknown
Description
An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.
Technical details
Unknown
Credits
Unknown
Reference(s)
CVE-2019-11927
https://www.facebook.com/security/advisories/CVE-2019-11927
CVE-2019-11927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11927
CVE-2019-11927
https://nvd.nist.gov/vuln/detail/CVE-2019-11927
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 30, 2019