CVE-2019-11931
Last modified
CVE-2019-11931 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| <= 2.18.368 | ||
| < 2.19.100 | ||
| < 2.19.274 | ||
| Whatsapp Business | < 2.19.100 | |
| Whatsapp Business | < 2.19.104 | |
| Whatsapp Enterprise Client | < 2.25.3 |
References
- https://www.facebook.com/security/advisories/cve-2019-11931Third Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11931Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11931?
How severe is CVE-2019-11931?
How do I fix CVE-2019-11931?
Are you affected by CVE-2019-11931?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST