ASA-2019-00548 – WhatsApp: Integer overflow in media parsing libraries via specially-crafted EXIF tags in WEBP images


Allele Security Alert

ASA-2019-00548

Identifier(s)

ASA-2019-00548, CVE-2019-11927

Title

Integer overflow in media parsing libraries via specially-crafted EXIF tags in WEBP images

Vendor(s)

Facebook

Product(s)

Facebook WhatsApp

Affected version(s)

WhatsApp for iOS before version v2.19.100
WhatsApp for Android before version 2.19.243

Fixed version(s)

WhatsApp for iOS version v2.19.100
WhatsApp for Android version 2.19.243

Proof of concept

Unknown

Description

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.

Technical details

Unknown

Credits

Unknown

Reference(s)

CVE-2019-11927
https://www.facebook.com/security/advisories/CVE-2019-11927

CVE-2019-11927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11927

CVE-2019-11927
https://nvd.nist.gov/vuln/detail/CVE-2019-11927

Last modified: September 30, 2019