CVE-2019-11932
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Affected products
koral-- · android-gif-drawable
Public PoCs found: 21
github · github.com/dorkerdevil/CVE-2019-11932 · ★ 267
github · github.com/awakened1712/CVE-2019-11932 · ★ 208
github · github.com/valbrux/CVE-2019-11932-SupportApp · ★ 38
github · github.com/Err0r-ICA/WhatsPayloadRCE · ★ 34
github · github.com/kal1gh0st/WhatsAppHACK-RCE · ★ 25
github · github.com/fastmo/CVE-2019-11932 · ★ 17
github · github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit · ★ 16
github · github.com/SmoZy92/CVE-2019-11932 · ★ 6
github · github.com/TulungagungCyberLink/CVE-2019-11932 · ★ 4
github · github.com/infiniteLoopers/CVE-2019-11932 · ★ 4
github · github.com/JasonJerry/WhatsRCE · ★ 4
github · github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932 · ★ 1
github · github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932 · ★ 0
github · github.com/0759104103/cd-CVE-2019-11932 · ★ 0
github · github.com/primebeast/CVE-2019-11932 · ★ 0
github · github.com/starling021/CVE-2019-11932-SupportApp · ★ 0
github · github.com/OrdaraatSite/https-github.com-awakened171 · ★ 0
github · github.com/BadAssAiras/hello · ★ 0
exploitdb · www.exploit-db.com/exploits/47515 · unverified
cve_reference · packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html · unverified
cve_reference · packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html · unverified
⚠ Public resources, so you can assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
http://seclists.org/fulldisclosure/2019/Nov/27
https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20
https://github.com/koral--/android-gif-drawable/pull/673
https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9
https://www.facebook.com/security/advisories/cve-2019-11932