CVE-2019-11931

Summary

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Affected Software

VendorProductVersion RangeStatus
FacebookWhatsApp for Android2.19.274affected
FacebookWhatsApp for Androidunspecified < 2.19.274affected
FacebookWhatsApp for iOS2.19.100affected
FacebookWhatsApp for iOSunspecified < 2.19.100affected
FacebookWhatsApp for Windows Phoneunspecified <= 2.18.368affected
FacebookWhatsApp Enterprise Client2.25.3affected
FacebookWhatsApp Enterprise Clientunspecified < 2.25.3affected
FacebookWhatsApp Business for Android2.19.104affected
FacebookWhatsApp Business for Androidunspecified < 2.19.104affected
FacebookWhatsApp Business for iOS2.19.100affected
FacebookWhatsApp Business for iOSunspecified < 2.19.100affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow (CWE-121)

ADP Enrichment

CVE Program Container

Additional References

References