CVE Vulnerabilities

CVE-2019-11932

Double Free

Published: Oct 03, 2019 | Modified: Mar 01, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Whatsapp Whatsapp * 2.19.244 (excluding)

Potential Mitigations

References