What is CVE-2019-11932?

CVE-2019-11932 is a vulnerability in Koral-- Android-gif-drawable, classified under Double Free. Published 2019-10-03.

Is CVE-2019-11932 known to be exploited?

62 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Double Free in Koral-- Android-gif-drawable

CVE-2019-11932

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote atta…

Vulnerability class: Double Free

EPSS: 0.710 (98.7th percentile) — read the EPSS interpretation.

Affected products

Koral-- Android-gif-drawable — versions unspecified

Weakness classification (CWE)

CWE-415 — Double Free

Public proof-of-concept exploits

References

www.facebook.com/security/advisories/cve-2019-11932 (x_refsource_CONFIRM)
packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.ht… (x_refsource_MISC)
github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868c… (x_refsource_CONFIRM)
github.com/koral--/android-gif-drawable/pull/673 (x_refsource_CONFIRM)
awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ (x_refsource_MISC)
20191126 CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable (mailing-list, x_refsource_FULLDISC)
gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263 (x_refsource_MISC)
packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free… (x_refsource_MISC)
github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-11932?: CVE-2019-11932 is a vulnerability in Koral-- Android-gif-drawable, classified under Double Free. Published 2019-10-03.
Is CVE-2019-11932 known to be exploited?: 62 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.