Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2019-11932

Published: 03/10/2019 Updated: 01/03/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 696
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Whatsapp

Vulnerability Summary

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote malicious users to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

whatsapp whatsapp

android-gif-drawable project android-gif-drawable

Exploits

Exploit DB: Whatsapp 2.19.216 - Remote Code Execution
# Exploit Title: Whatsapp 219216 - Remote Code Execution # Date: 2019-10-16 # Exploit Author: Valerio Brussani (@val_brux) # Vendor Homepage: wwwwhatsappcom/ # Version: < 219244 # Tested on: Whatsapp 219216 # CVE: CVE-2019-11932 # Reference1: awakened1712githubio/hacking/hacking-whatsapp-gif-rce/ # Full Android App: htt ...
Exploit DB: Whatsapp 2.19.216 Remote Code Execution
Whatsapp version 219216 suffers from a remote code execution vulnerability ...

Github Repositories

https://github.com/dorkerdevil/CVE-2019-11932

double-free bug in WhatsApp exploit poc

CVE-2019-11932 double-free bug in WhatsApp exploit poc #Note: make sure to set the listner ip in exploitc inorder to get shell nc -lvp 5555 or whatever port and then compile gcc -o exploit egif_libc exploitc then run /exploit and save the content to gif and send to victim #Source awakened1712githubio/hacking/hacking-whatsapp-gif-rce/ #Poc_Video drive

https://github.com/TulungagungCyberLink/CVE-2019-11932

Double-Free BUG in WhatsApp exploit poc.

CVE-2019-11932 Double-Free bug in WhatsApp exploit poc #Note: Make sure to set the listner ip in exploitc inorder to get shell nc -lvp 1337 or whatever port and then compile make or gcc -o exploit egif_libc exploitc then run /exploit and save the content to gif and send to victim Source awakened1712githubio/hacking/hacking-whatsapp-gif-rce/ P

https://github.com/valbrux/CVE-2019-11932-SupportApp

This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.

CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability

https://github.com/TortugaAttack/pen-testing

Pen Testing Scripts and install stuff

pen-testing Pen Testing Scripts and install stuff Attacks SNMP scan via UDP on port 161 snmpwalk -v 1 (or 2c) -c $FUZZ (public is often) IP check OIDs and check for right side OIDS Pass the Hash enwikipediaorg/wiki/Pass_the_hash blogstealthbitscom/passing-the-hash-with-mimikatz Interesting CVEs WhatsApp CVE-2019-11932 - awakened1712githubio/hackin

https://github.com/cbch2832/cpp5

CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability

https://github.com/starling021/whatsapp_rce

whatsapp_rce whatsapp remote code execution CVE-2019-11932 awakened1712githubio/hacking/hacking-whatsapp-gif-rce/ Full Android App: githubcom/valbrux/CVE-2019-11932-SupportApp All creditts goes to awakened and valbrux CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculatin

https://github.com/anonputraid/Link-Trackers

Modern Track Information Tool With Link Trackers

Link-Trackers Link Trackers is a Tools where you will find everything you need to detect, track and trace an IP Address using the latest IP tracking technology English | Indonesia Description Disclaimer: The contributors do not assume any responsibility for the use of this tool Supported OS : Ubuntu/Linux Mint/Kali Linux Tools Maps: β”œβ”€β”€ bin β”‚ &nb

https://github.com/twinflow/truth

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/dave59988/Ken

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/fastmo/CVE-2019-11932

Programa para hackear Whatsapp Mediante Gif ,asiendo un exploit con el puerto.

CVE-2019-11932 La dirección del sistema () y el gadget deben reemplazarse por la dirección real encontrada por una vulnerabilidad de divulgación de información Después de reemplazar la dirección del sistema () y el gadget Ejecute el código para generar el archivo GIF dañado: notroot@osboxes:~/Desktop/gif$ make

https://github.com/Monu232425/Monu232425

Config files for my GitHub profile.

CVE-2019-11932-masterzip πŸ‘‹ Hi, I’m @Monu232425 πŸ‘€ I’m interested in 🌱 I’m currently learning πŸ’žοΈ I’m looking to collaborate on πŸ“« How to reach me

https://github.com/CodewithsagarG/whatsappcrash

this is a tool for whatsapp crash and mmay more thing

whatsappcrash this is a tool for whatsapp crash and mmay more thing WhatsRCE This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution) Auto install GCC (no harm command, you can see this is open-source) Saving to GIF file How To Use ? sudo apt install git git clone githubcom/CodewithsagarG/whatsappcrash cd WhatsRCE && ba

https://github.com/nagaadv/nagaadv

Config files for my GitHub profile.

git clone githubcom/awakened1712/CVE-2019-11932 cd CVE-2019-11932 gcc -o exploit egif_libc exploitc /exploit /root/Desktop/catgif

https://github.com/starling021/CVE-2019-11932-SupportApp

CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability

https://github.com/SmoZy92/CVE-2019-11932

CVE-2019-11932 Modifiez l'adresse d'écoute (celle de l'attaquant) ainsi que le port d'écoute dans le fichier exploitc Code hexa suivant : 3139 322e 3136 382e 322e 3732 2034 3434 3420 Compilez le code : gcc -o exploit egif_libc exploitc Lancez le fichier compilé /exploit exploitgif c/c l'output dans un gif Lancez le list

https://github.com/zxn1/CVE-2019-11932

CVE-2019-11932

https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932

Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger

WhatsApp-Double-Free-Vulnerability_CVE-2019-11932 Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger This vulnerability was found by researcher Awakened, who published an exploit PoC of this bug In this blog, I will demonstrate how this exploit works by dynamically debugging it with GEF-GDB, showing how to use its double-free

https://github.com/jsn-OO7/whatsapp

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/dashtic172/abdul

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/Ysaidin78/jubilant-octo-couscous

jubilant-octo-couscous CVE-2019-11932-whatsap-exploit The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: now lets do it root@mranonymousTZ:~/root/Desktop/CVE-2019-11932-whatsap-exploit$ chmod +x buildpy ro

https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit

Double-free vulnerability in DDGifSlurp in decoding.c in libpl_droidsonroids_gif can read more https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

CVE-2019-11932-whatsap-exploit The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: now lets do it root@mranonymousTZ:~/root/Desktop/CVE-2019-11932-whatsap-exploit$ chmod +x buildpy root@mranonymousTZ:~/root

https://github.com/tucommenceapousser/CVE-2019-11932

Double-Free BUG in WhatsApp exploit poc.

CVE-2019-11932 Double-Free BUG in WhatsApp exploit poc Usage bash createsh clone on replit and run Manually nc -lvp 5555 or whatever port and then compile gcc -o exp egif_libc exploitc then run /exp and save the con

https://github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932

CVE-2019-11932

https-githubcom-awakened1712-CVE-2019-11932 CVE-2019-11932

https://github.com/tucommenceapousser/CVE-2019-11932deta

Double-Free BUG in WhatsApp exploit poc.

CVE-2019-11932 Double-Free BUG in WhatsApp exploit poc Usage bash createsh

https://github.com/shazil425/Whatsapp-

CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability

https://github.com/PleXone2019/WhatsRCE

WhatsRCE This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution) Auto install GCC (no harm command, you can see this is open-source) Saving to GIF file How To Use ? sudo apt install git git clone githubcom/KeepWannabe/WhatsRCE cd WhatsRCE && bash startsh How Get Shell ? You ju

https://github.com/dave59988/dave59988

Config files for my GitHub profile.

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/0759104103/cd-CVE-2019-11932

cd-CVE-2019-11932

https://github.com/Hacker-Yadav/CVE-2019-11932

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/TinToSer/whatsapp_rce

whatsapp remote code execution

whatsapp_rce whatsapp remote code execution CVE-2019-11932 awakened1712githubio/hacking/hacking-whatsapp-gif-rce/ Full Android App: githubcom/valbrux/CVE-2019-11932-SupportApp All creditts goes to awakened and valbrux CVE-2019-11932-SupportApp This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculatin

https://github.com/frankzappasmustache/starred-repos

A full list of my starred repositories

Awesome Stars A curated list of my GitHub stars! Generated by stargazed 🏠 Contents Arduino (5) Batchfile (1) C (36) C# (8) C++ (53) CSS (5) D (1) Dart (1) EJS (1) Fennel (1) Go (10) HTML (14) Haskell (1) Java (19) JavaScript (52) Julia (1) Jupyter Notebook (5) Kotlin (4) Lua (3) Makefile (3) Nix (1) Objective-C (6) Others (74) PHP (19) Perl (5) PowerShell (7) Python (1

https://github.com/Err0r-ICA/WhatsPayloadRCE

Whatsapp Automatic Payload Generator [CVE-2019-11932]

WhatsPayloadRCE This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution) Auto install GCC (no harm command, you can see this is open-source) Saving to GIF file How To Use ? sudo apt install git git clone githubcom/Err0r-ICA/WhatsPayloadRCE cd WhatsPayloadRCE && bash start Screens

https://github.com/84KaliPleXon3/WhatsRCE

WhatsRCE This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution) Auto install GCC (no harm command, you can see this is open-source) Saving to GIF file How To Use ? sudo apt install git git clone githubcom/KeepWannabe/WhatsRCE cd WhatsRCE && bash startsh How Get Shell ? You ju

https://github.com/KeepWannabe/WhatsRCE

This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution)

WhatsRCE This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution) Auto install GCC (no harm command, you can see this is open-source) Saving to GIF file How To Use ? sudo apt install git git clone githubcom/KeepWannabe/WhatsRCE cd WhatsRCE && bash startsh How Get Shell ? You ju

https://github.com/infiniteLoopers/CVE-2019-11932

CVE-2019-11932 How a double-free bug in WhatsApp turns to RCE I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE I informed this to Facebook Facebook acknowledged and patched it officially in WhatsApp version 219244 Facebook helped to reserve CVE-2019-11932 for this issue WhatsApp users, pl

https://github.com/awakened1712/CVE-2019-11932

Simple POC for exploiting WhatsApp double-free bug in DDGifSlurp in decoding.c in libpl_droidsonroids_gif

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/Rakshi220/Rakshi220

Config files for my GitHub profile.

CVE-2019-11932 The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability After replacing address of system() and gadget Run the code to generate the corrupted GIF file: notroot@osboxes:~/Desktop/gif$ make notroot@osboxes:~/Desktop/gif$ /exploit exploitgif buffer = 0x7ffc586cd8b0 size = 26

https://github.com/Gazafi99/Gazafi99

Config files for my GitHub profile.

githubcom/valbrux/CVE-2019-11932-SupportAppgit

Recent Articles

A Nord VPN bug, a(nother) bad Microsoft patch, Zynga data farmed out, and more
The Register β€’ Shaun Nichols in San Francisco β€’ 05 Oct 2019

Plus, NSA's Ghidra found to contain faulty code

Roundup Here's the latest security news in handy digest form of stories you may have missed over the last week. Reg reader Tony H writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a connection that looks to be protected by NordVPN, but in reality it is completely exposed. Here's how it works: The user first connects to 1.1.1.1 with Warp, then disables the app without turning off Warp. ...

Read more...

References

CWE-415https://www.facebook.com/security/advisories/cve-2019-11932http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2019/Nov/27https://github.com/koral--/android-gif-drawable/pull/673/commits/4944c92761e0a14f04868cbcf4f4e86fd4b7a4a9https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/https://github.com/koral--/android-gif-drawable/pull/673https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.htmlhttps://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20https://nvd.nist.govhttps://www.exploit-db.com/exploits/47515https://github.com/dorkerdevil/CVE-2019-11932
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook