Allele Security Alert
ASA-2019-00554
Identifier(s)
ASA-2019-00554, CVE-2019-11932
Title
Double free vulnerability in the DDGifSlurp function
Vendor(s)
Product(s)
Facebook WhatsApp
Affected version(s)
WhatsApp for Android versions before 2.19.24
Fixed version(s)
WhatsApp for Android version 2.19.24
Proof of concept
Yes
Description
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.
Technical details
Unknown
Credits
Awakened
Reference(s)
How a double-free bug in WhatsApp turns to RCE
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
Simple POC for exploiting WhatsApp double-free bug in DDGifSlurp in decoding.c in libpl_droidsonroids_gif
https://github.com/awakened1712/CVE-2019-11932
CVE-2019-11932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11932
CVE-2019-11932
https://nvd.nist.gov/vuln/detail/CVE-2019-11932
Last modified: October 14, 2019