Vulnerability Details CVE-2019-11932
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.802
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- http://seclists.org/fulldisclosure/2019/Nov/27
- https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
- https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20
- https://github.com/koral--/android-gif-drawable/pull/673
- https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9
- https://www.facebook.com/security/advisories/cve-2019-11932
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- http://seclists.org/fulldisclosure/2019/Nov/27
- https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
- https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20
- https://github.com/koral--/android-gif-drawable/pull/673
- https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9
- https://www.facebook.com/security/advisories/cve-2019-11932
Products affected by CVE-2019-11932
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.0
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.1
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.10
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.11
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.12
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.2
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.3
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.4
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.5
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.6
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.7
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.8
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.0.9
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.0
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.1
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.10
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.11
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.12
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.13
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.14
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.15
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.16
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.17
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.2
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.3
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.4
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.5
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.6
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.7
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.8
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.1.9
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.0
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.1
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.10
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.11
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.12
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.13
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.14
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.15
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.16
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.17
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.2
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.3
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.4
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.5
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.6
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.7
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.8
-
cpe:2.3:a:android-gif-drawable_project:android-gif-drawable:1.2.9
-
cpe:2.3:a:whatsapp:whatsapp:-
-
cpe:2.3:a:whatsapp:whatsapp:0.0.104
-
cpe:2.3:a:whatsapp:whatsapp:0.0.120
-
cpe:2.3:a:whatsapp:whatsapp:0.0.58
-
cpe:2.3:a:whatsapp:whatsapp:0.0.60
-
cpe:2.3:a:whatsapp:whatsapp:0.0.62
-
cpe:2.3:a:whatsapp:whatsapp:0.0.73
-
cpe:2.3:a:whatsapp:whatsapp:0.0.75
-
cpe:2.3:a:whatsapp:whatsapp:0.0.86
-
cpe:2.3:a:whatsapp:whatsapp:0.0.89
-
cpe:2.3:a:whatsapp:whatsapp:0.0.98
-
cpe:2.3:a:whatsapp:whatsapp:2.11.544
-
cpe:2.3:a:whatsapp:whatsapp:2.11.561
-
cpe:2.3:a:whatsapp:whatsapp:2.12.14
-
cpe:2.3:a:whatsapp:whatsapp:2.12.250
-
cpe:2.3:a:whatsapp:whatsapp:2.12.30
-
cpe:2.3:a:whatsapp:whatsapp:2.12.304
-
cpe:2.3:a:whatsapp:whatsapp:2.12.331
-
cpe:2.3:a:whatsapp:whatsapp:2.12.367
-
cpe:2.3:a:whatsapp:whatsapp:2.12.453
-
cpe:2.3:a:whatsapp:whatsapp:2.12.48
-
cpe:2.3:a:whatsapp:whatsapp:2.12.50
-
cpe:2.3:a:whatsapp:whatsapp:2.12.556
-
cpe:2.3:a:whatsapp:whatsapp:2.16.207
-
cpe:2.3:a:whatsapp:whatsapp:2.16.225
-
cpe:2.3:a:whatsapp:whatsapp:2.16.275
-
cpe:2.3:a:whatsapp:whatsapp:2.16.306
-
cpe:2.3:a:whatsapp:whatsapp:2.16.310
-
cpe:2.3:a:whatsapp:whatsapp:2.16.323
-
cpe:2.3:a:whatsapp:whatsapp:2.16.352
-
cpe:2.3:a:whatsapp:whatsapp:2.16.382
-
cpe:2.3:a:whatsapp:whatsapp:2.16.392
-
cpe:2.3:a:whatsapp:whatsapp:2.16.396
-
cpe:2.3:a:whatsapp:whatsapp:2.16.95
-
cpe:2.3:a:whatsapp:whatsapp:2.17.107
-
cpe:2.3:a:whatsapp:whatsapp:2.17.146
-
cpe:2.3:a:whatsapp:whatsapp:2.17.190
-
cpe:2.3:a:whatsapp:whatsapp:2.17.223
-
cpe:2.3:a:whatsapp:whatsapp:2.17.24
-
cpe:2.3:a:whatsapp:whatsapp:2.17.254
-
cpe:2.3:a:whatsapp:whatsapp:2.17.296
-
cpe:2.3:a:whatsapp:whatsapp:2.17.323
-
cpe:2.3:a:whatsapp:whatsapp:2.17.351
-
cpe:2.3:a:whatsapp:whatsapp:2.17.395
-
cpe:2.3:a:whatsapp:whatsapp:2.17.427
-
cpe:2.3:a:whatsapp:whatsapp:2.17.79
-
cpe:2.3:a:whatsapp:whatsapp:2.18.1
-
cpe:2.3:a:whatsapp:whatsapp:2.18.100
-
cpe:2.3:a:whatsapp:whatsapp:2.18.101
-
cpe:2.3:a:whatsapp:whatsapp:2.18.102
-
cpe:2.3:a:whatsapp:whatsapp:2.18.104
-
cpe:2.3:a:whatsapp:whatsapp:2.18.105
-
cpe:2.3:a:whatsapp:whatsapp:2.18.106
-
cpe:2.3:a:whatsapp:whatsapp:2.18.108
-
cpe:2.3:a:whatsapp:whatsapp:2.18.109
-
cpe:2.3:a:whatsapp:whatsapp:2.18.111
-
cpe:2.3:a:whatsapp:whatsapp:2.18.116
-
cpe:2.3:a:whatsapp:whatsapp:2.18.117
-
cpe:2.3:a:whatsapp:whatsapp:2.18.121
-
cpe:2.3:a:whatsapp:whatsapp:2.18.122
-
cpe:2.3:a:whatsapp:whatsapp:2.18.123
-
cpe:2.3:a:whatsapp:whatsapp:2.18.124
-
cpe:2.3:a:whatsapp:whatsapp:2.18.126
-
cpe:2.3:a:whatsapp:whatsapp:2.18.129
-
cpe:2.3:a:whatsapp:whatsapp:2.18.13
-
cpe:2.3:a:whatsapp:whatsapp:2.18.130
-
cpe:2.3:a:whatsapp:whatsapp:2.18.131
-
cpe:2.3:a:whatsapp:whatsapp:2.18.132
-
cpe:2.3:a:whatsapp:whatsapp:2.18.14
-
cpe:2.3:a:whatsapp:whatsapp:2.18.150
-
cpe:2.3:a:whatsapp:whatsapp:2.18.18
-
cpe:2.3:a:whatsapp:whatsapp:2.18.21
-
cpe:2.3:a:whatsapp:whatsapp:2.18.22
-
cpe:2.3:a:whatsapp:whatsapp:2.18.248
-
cpe:2.3:a:whatsapp:whatsapp:2.18.26
-
cpe:2.3:a:whatsapp:whatsapp:2.18.276
-
cpe:2.3:a:whatsapp:whatsapp:2.18.28
-
cpe:2.3:a:whatsapp:whatsapp:2.18.29
-
cpe:2.3:a:whatsapp:whatsapp:2.18.293
-
cpe:2.3:a:whatsapp:whatsapp:2.18.295
-
cpe:2.3:a:whatsapp:whatsapp:2.18.3
-
cpe:2.3:a:whatsapp:whatsapp:2.18.30
-
cpe:2.3:a:whatsapp:whatsapp:2.18.306
-
cpe:2.3:a:whatsapp:whatsapp:2.18.32
-
cpe:2.3:a:whatsapp:whatsapp:2.18.327
-
cpe:2.3:a:whatsapp:whatsapp:2.18.33
-
cpe:2.3:a:whatsapp:whatsapp:2.18.341
-
cpe:2.3:a:whatsapp:whatsapp:2.18.35
-
cpe:2.3:a:whatsapp:whatsapp:2.18.36
-
cpe:2.3:a:whatsapp:whatsapp:2.18.361
-
cpe:2.3:a:whatsapp:whatsapp:2.18.37
-
cpe:2.3:a:whatsapp:whatsapp:2.18.373
-
cpe:2.3:a:whatsapp:whatsapp:2.18.38
-
cpe:2.3:a:whatsapp:whatsapp:2.18.380
-
cpe:2.3:a:whatsapp:whatsapp:2.18.42
-
cpe:2.3:a:whatsapp:whatsapp:2.18.43
-
cpe:2.3:a:whatsapp:whatsapp:2.18.44
-
cpe:2.3:a:whatsapp:whatsapp:2.18.49
-
cpe:2.3:a:whatsapp:whatsapp:2.18.51
-
cpe:2.3:a:whatsapp:whatsapp:2.18.54
-
cpe:2.3:a:whatsapp:whatsapp:2.18.55
-
cpe:2.3:a:whatsapp:whatsapp:2.18.62
-
cpe:2.3:a:whatsapp:whatsapp:2.18.63
-
cpe:2.3:a:whatsapp:whatsapp:2.18.68
-
cpe:2.3:a:whatsapp:whatsapp:2.18.69
-
cpe:2.3:a:whatsapp:whatsapp:2.18.7
-
cpe:2.3:a:whatsapp:whatsapp:2.18.71
-
cpe:2.3:a:whatsapp:whatsapp:2.18.72
-
cpe:2.3:a:whatsapp:whatsapp:2.18.75
-
cpe:2.3:a:whatsapp:whatsapp:2.18.77
-
cpe:2.3:a:whatsapp:whatsapp:2.18.79
-
cpe:2.3:a:whatsapp:whatsapp:2.18.80
-
cpe:2.3:a:whatsapp:whatsapp:2.18.87
-
cpe:2.3:a:whatsapp:whatsapp:2.18.9
-
cpe:2.3:a:whatsapp:whatsapp:2.18.90
-
cpe:2.3:a:whatsapp:whatsapp:2.18.91
-
cpe:2.3:a:whatsapp:whatsapp:2.18.92
-
cpe:2.3:a:whatsapp:whatsapp:2.18.94
-
cpe:2.3:a:whatsapp:whatsapp:2.18.95
-
cpe:2.3:a:whatsapp:whatsapp:2.18.99
-
cpe:2.3:a:whatsapp:whatsapp:2.19.102
-
cpe:2.3:a:whatsapp:whatsapp:2.19.103
-
cpe:2.3:a:whatsapp:whatsapp:2.19.106
-
cpe:2.3:a:whatsapp:whatsapp:2.19.108
-
cpe:2.3:a:whatsapp:whatsapp:2.19.110
-
cpe:2.3:a:whatsapp:whatsapp:2.19.113
-
cpe:2.3:a:whatsapp:whatsapp:2.19.115
-
cpe:2.3:a:whatsapp:whatsapp:2.19.116
-
cpe:2.3:a:whatsapp:whatsapp:2.19.118
-
cpe:2.3:a:whatsapp:whatsapp:2.19.119
-
cpe:2.3:a:whatsapp:whatsapp:2.19.120
-
cpe:2.3:a:whatsapp:whatsapp:2.19.123
-
cpe:2.3:a:whatsapp:whatsapp:2.19.126
-
cpe:2.3:a:whatsapp:whatsapp:2.19.127
-
cpe:2.3:a:whatsapp:whatsapp:2.19.128
-
cpe:2.3:a:whatsapp:whatsapp:2.19.129
-
cpe:2.3:a:whatsapp:whatsapp:2.19.130
-
cpe:2.3:a:whatsapp:whatsapp:2.19.131
-
cpe:2.3:a:whatsapp:whatsapp:2.19.133
-
cpe:2.3:a:whatsapp:whatsapp:2.19.134
-
cpe:2.3:a:whatsapp:whatsapp:2.19.136
-
cpe:2.3:a:whatsapp:whatsapp:2.19.138
-
cpe:2.3:a:whatsapp:whatsapp:2.19.139
-
cpe:2.3:a:whatsapp:whatsapp:2.19.14
-
cpe:2.3:a:whatsapp:whatsapp:2.19.142
-
cpe:2.3:a:whatsapp:whatsapp:2.19.143
-
cpe:2.3:a:whatsapp:whatsapp:2.19.144
-
cpe:2.3:a:whatsapp:whatsapp:2.19.145
-
cpe:2.3:a:whatsapp:whatsapp:2.19.147
-
cpe:2.3:a:whatsapp:whatsapp:2.19.148
-
cpe:2.3:a:whatsapp:whatsapp:2.19.150
-
cpe:2.3:a:whatsapp:whatsapp:2.19.152
-
cpe:2.3:a:whatsapp:whatsapp:2.19.154
-
cpe:2.3:a:whatsapp:whatsapp:2.19.155
-
cpe:2.3:a:whatsapp:whatsapp:2.19.156
-
cpe:2.3:a:whatsapp:whatsapp:2.19.157
-
cpe:2.3:a:whatsapp:whatsapp:2.19.158
-
cpe:2.3:a:whatsapp:whatsapp:2.19.159
-
cpe:2.3:a:whatsapp:whatsapp:2.19.160
-
cpe:2.3:a:whatsapp:whatsapp:2.19.163
-
cpe:2.3:a:whatsapp:whatsapp:2.19.164
-
cpe:2.3:a:whatsapp:whatsapp:2.19.165
-
cpe:2.3:a:whatsapp:whatsapp:2.19.166
-
cpe:2.3:a:whatsapp:whatsapp:2.19.167
-
cpe:2.3:a:whatsapp:whatsapp:2.19.168
-
cpe:2.3:a:whatsapp:whatsapp:2.19.169
-
cpe:2.3:a:whatsapp:whatsapp:2.19.17
-
cpe:2.3:a:whatsapp:whatsapp:2.19.170
-
cpe:2.3:a:whatsapp:whatsapp:2.19.171
-
cpe:2.3:a:whatsapp:whatsapp:2.19.172
-
cpe:2.3:a:whatsapp:whatsapp:2.19.174
-
cpe:2.3:a:whatsapp:whatsapp:2.19.175
-
cpe:2.3:a:whatsapp:whatsapp:2.19.176
-
cpe:2.3:a:whatsapp:whatsapp:2.19.177
-
cpe:2.3:a:whatsapp:whatsapp:2.19.178
-
cpe:2.3:a:whatsapp:whatsapp:2.19.179
-
cpe:2.3:a:whatsapp:whatsapp:2.19.18
-
cpe:2.3:a:whatsapp:whatsapp:2.19.184
-
cpe:2.3:a:whatsapp:whatsapp:2.19.185
-
cpe:2.3:a:whatsapp:whatsapp:2.19.186
-
cpe:2.3:a:whatsapp:whatsapp:2.19.187
-
cpe:2.3:a:whatsapp:whatsapp:2.19.189
-
cpe:2.3:a:whatsapp:whatsapp:2.19.19
-
cpe:2.3:a:whatsapp:whatsapp:2.19.191
-
cpe:2.3:a:whatsapp:whatsapp:2.19.192
-
cpe:2.3:a:whatsapp:whatsapp:2.19.194
-
cpe:2.3:a:whatsapp:whatsapp:2.19.195
-
cpe:2.3:a:whatsapp:whatsapp:2.19.196
-
cpe:2.3:a:whatsapp:whatsapp:2.19.203
-
cpe:2.3:a:whatsapp:whatsapp:2.19.216
-
cpe:2.3:a:whatsapp:whatsapp:2.19.230
-
cpe:2.3:a:whatsapp:whatsapp:2.19.24
-
cpe:2.3:a:whatsapp:whatsapp:2.19.243
-
cpe:2.3:a:whatsapp:whatsapp:2.19.25
-
cpe:2.3:a:whatsapp:whatsapp:2.19.27
-
cpe:2.3:a:whatsapp:whatsapp:2.19.28
-
cpe:2.3:a:whatsapp:whatsapp:2.19.29
-
cpe:2.3:a:whatsapp:whatsapp:2.19.31
-
cpe:2.3:a:whatsapp:whatsapp:2.19.33
-
cpe:2.3:a:whatsapp:whatsapp:2.19.34
-
cpe:2.3:a:whatsapp:whatsapp:2.19.35
-
cpe:2.3:a:whatsapp:whatsapp:2.19.39
-
cpe:2.3:a:whatsapp:whatsapp:2.19.4
-
cpe:2.3:a:whatsapp:whatsapp:2.19.42
-
cpe:2.3:a:whatsapp:whatsapp:2.19.44
-
cpe:2.3:a:whatsapp:whatsapp:2.19.45
-
cpe:2.3:a:whatsapp:whatsapp:2.19.46
-
cpe:2.3:a:whatsapp:whatsapp:2.19.48
-
cpe:2.3:a:whatsapp:whatsapp:2.19.5
-
cpe:2.3:a:whatsapp:whatsapp:2.19.50
-
cpe:2.3:a:whatsapp:whatsapp:2.19.51
-
cpe:2.3:a:whatsapp:whatsapp:2.19.52
-
cpe:2.3:a:whatsapp:whatsapp:2.19.54
-
cpe:2.3:a:whatsapp:whatsapp:2.19.55
-
cpe:2.3:a:whatsapp:whatsapp:2.19.56
-
cpe:2.3:a:whatsapp:whatsapp:2.19.57
-
cpe:2.3:a:whatsapp:whatsapp:2.19.59
-
cpe:2.3:a:whatsapp:whatsapp:2.19.6
-
cpe:2.3:a:whatsapp:whatsapp:2.19.61
-
cpe:2.3:a:whatsapp:whatsapp:2.19.63
-
cpe:2.3:a:whatsapp:whatsapp:2.19.65
-
cpe:2.3:a:whatsapp:whatsapp:2.19.67
-
cpe:2.3:a:whatsapp:whatsapp:2.19.69
-
cpe:2.3:a:whatsapp:whatsapp:2.19.7
-
cpe:2.3:a:whatsapp:whatsapp:2.19.71
-
cpe:2.3:a:whatsapp:whatsapp:2.19.73
-
cpe:2.3:a:whatsapp:whatsapp:2.19.74
-
cpe:2.3:a:whatsapp:whatsapp:2.19.75
-
cpe:2.3:a:whatsapp:whatsapp:2.19.78
-
cpe:2.3:a:whatsapp:whatsapp:2.19.79
-
cpe:2.3:a:whatsapp:whatsapp:2.19.8
-
cpe:2.3:a:whatsapp:whatsapp:2.19.80
-
cpe:2.3:a:whatsapp:whatsapp:2.19.81
-
cpe:2.3:a:whatsapp:whatsapp:2.19.82
-
cpe:2.3:a:whatsapp:whatsapp:2.19.83
-
cpe:2.3:a:whatsapp:whatsapp:2.19.86
-
cpe:2.3:a:whatsapp:whatsapp:2.19.87
-
cpe:2.3:a:whatsapp:whatsapp:2.19.89
-
cpe:2.3:a:whatsapp:whatsapp:2.19.9
-
cpe:2.3:a:whatsapp:whatsapp:2.19.92
-
cpe:2.3:a:whatsapp:whatsapp:2.19.93
-
cpe:2.3:a:whatsapp:whatsapp:2.19.95
-
cpe:2.3:a:whatsapp:whatsapp:2.19.97
-
cpe:2.3:a:whatsapp:whatsapp:2.19.98
-
cpe:2.3:a:whatsapp:whatsapp:2.19.99
-
cpe:2.3:a:whatsapp:whatsapp:2.9.243