Allele Security Alert
ASA-2019-00647
Identifier(s)
ASA-2019-00647, CVE-2019-11931
Title
A stack-based buffer overflow triggered by sending a specially crafted MP4 file
Vendor(s)
Product(s)
Facebook WhatsApp
Affected version(s)
Facebook WhatsApp Android versions prior to 2.19.274
Facebook WhatsApp iOS versions prior to 2.19.100
Facebook WhatsApp Enterprise Client versions prior to 2.25.3
Facebook WhatsApp Windows Phone versions before and including 2.18.368
Facebook WhatsApp Business for Android versions prior to 2.19.104
Facebook WhatsApp Business for iOS versions prior to 2.19.100
Fixed version(s)
Facebook WhatsApp Android version 2.19.274
Facebook WhatsApp iOS version 2.19.100
Facebook WhatsApp Enterprise Client version 2.25.3
Facebook WhatsApp Business for Android version 2.19.104
Facebook WhatsApp Business for iOS version 2.19.100
Proof of concept
Unknown
Description
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in the parsing of the elementary stream metadata of an MP4 file and could result in denial of service (DoS) or remote code execution (RCE).
Technical details
Unknown
Credits
Unknown
Reference(s)
CVE-2019-11931
https://www.facebook.com/security/advisories/CVE-2019-11931
Changelog – WhatsApp Business API – Documentation – Facebook for Developers
https://developers.facebook.com/docs/whatsapp/changelog
CVE-2019-11931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11931
CVE-2019-11931
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: November 16, 2019