ASA-2019-00647 – Facebook WhatsApp: A stack-based buffer overflow by sending a specially crafted MP4 file

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in denial of service (DoS) or remote code execution (RCE).

ASA-2019-00554 – WhatsApp: Double free vulnerability in the DDGifSlurp function

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.

ASA-2019-00548 – WhatsApp: Integer overflow in media parsing libraries via specially crafted EXIF tags in WEBP images

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially crafted EXIF tags in WEBP images.