Double Free

CVE-2019-11932

High

8.8/10

Summary

A double-free vulnerability in the "DDGifSlurp" function in "decoding.c" in the android-gif-drawable library versions prior to 1.2.18, as used in WhatsApp for Android versions prior to 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a Denial-of-Service (DoS) when the library is used to parse a specially crafted GIF image.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory
Advisory
Mail Thread
Pull request
POC/Exploit
Disclosure

Advisory Timeline

Published Oct 03, 2019

Double Free

CVE-2019-11932

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS