Stack-based buffer overflow in WhatsApp Messenger for Android and WhatsApp Messenger for iOS - CVE-2019-11931
Published: November 17, 2019
Vulnerability identifier: #VU22805
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-11931
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: WhatsApp
Affected software:
WhatsApp Messenger for Android
WhatsApp Messenger for iOS
WhatsApp Messenger for Android
WhatsApp Messenger for iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing elementary stream metadata in MP4 files. A remote attacker can send a specially crafted MP4 file to he victim, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2019-11931
Install updates from vendor's website. The vulnerability affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100,
Enterprise Client versions prior to 2.25.3, Business for Android
versions prior to 2.19.104 and Business for iOS versions prior to
2.19.100.