Allele Security Alert
Double free vulnerability in the DDGifSlurp function
WhatsApp for Android versions before 2.19.24
WhatsApp for Android version 2.19.24
Proof of concept
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.
How a double-free bug in WhatsApp turns to RCE
Simple POC for exploiting WhatsApp double-free bug in DDGifSlurp in decoding.c in libpl_droidsonroids_gif
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: October 14, 2019