Vulnerability Description
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| <= 2.18.368 | ||
| Whatsapp Business | < 2.19.100 | |
| Whatsapp Enterprise Client | < 2.25.3 |
Related Weaknesses (CWE)
References
- https://www.facebook.com/security/advisories/cve-2019-11931Third Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11931Third Party Advisory
FAQ
What is CVE-2019-11931?
CVE-2019-11931 is a vulnerability with a CVSS score of 7.8 (HIGH). A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file ...
How severe is CVE-2019-11931?
CVE-2019-11931 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11931?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp, Whatsapp Whatsapp Business, Whatsapp Whatsapp Enterprise Client.