Facebook WhatsApp for Android
23 CVEs affecting Facebook WhatsApp for Android. Latest disclosed: 2026-05-01. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-38537 | Medium | 5.6 | 2023-10-04 | A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have re… |
| CVE-2023-38538 | Medium | 5.0 | 2023-10-04 | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexp… |
| CVE-2026-23866 | Medium | 4.3 | 2026-05-01 | Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26… |
| CVE-2021-24042 | | | 2022-01-04 | The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Bu… |
| CVE-2021-24041 | | | 2021-12-07 | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-o… |
| CVE-2021-24035 | | | 2021-06-11 | A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed… |
| CVE-2021-24027 | | | 2021-04-06 | A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to… |
| CVE-2021-24026 | | | 2021-04-06 | A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v… |
| CVE-2020-1907 | | | 2020-10-06 | A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsA… |
| CVE-2020-1906 | | | 2020-10-06 | A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when… |
| CVE-2020-1905 | | | 2020-10-06 | Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have all… |
| CVE-2020-1902 | | | 2020-10-06 | A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35… |
| CVE-2020-1890 | | | 2020-09-03 | A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticke… |
| CVE-2020-1886 | | | 2020-09-03 | A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a… |
| CVE-2019-11931 | | | 2019-11-14 | A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the e… |
| CVE-2019-11933 | | | 2019-10-23 | A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to ex… |
| CVE-2019-11927 | | | 2019-09-27 | An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags… |
| CVE-2018-6350 | | | 2019-06-14 | An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, Wh… |
| CVE-2018-6349 | | | 2019-06-14 | When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affe… |
| CVE-2018-6339 | | | 2019-06-14 | When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant… |