CVE-2019-11931

CVSS V2 Medium 6.8 CVSS V3 High 7.8
Description
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
Overview
  • CVE ID
  • CVE-2019-11931
  • Assigner
  • cve-assign@fb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-11-14T23:15:10
  • Last Modified Date
  • 2019-11-19T13:39:00
Weakness Enumerations
CWE URL
CWE-787 http://cwe.mitre.org/data/definitions/787.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows:*:* 1 OR 2.18.368
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:* 1 OR 2.19.100
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:* 1 OR 2.19.274
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:* 1 OR 2.19.100
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:* 1 OR 2.19.104
cpe:2.3:a:whatsapp:whatsapp_enterprise_client:*:*:*:*:*:*:*:* 1 OR 2.25.3
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.facebook.com/security/advisories/cve-2019-11931 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-11931
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11931
History
Created Old Value New Value Data Type Notes
2022-05-10 16:59:06 Added to TrackCVE
2022-12-04 06:25:17 2019-11-14T23:15Z 2019-11-14T23:15:10 CVE Published Date updated
2022-12-04 06:25:17 2019-11-19T13:39:00 CVE Modified Date updated
2022-12-04 06:25:17 Analyzed Vulnerability Status updated