CVE-2019-11927

Summary

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Androidbefore version 2.19.143affected
FacebookWhatsApp for iOSbefore version 2.19.100affected

Weaknesses

  • CWE-190: Integer Overflow or Wraparound (CWE-190)

ADP Enrichment

CVE Program Container

Additional References

References