GIF Processing Vulnerability That Present in WhatsApp Also Affects More Than 28,300 Android Apps


Double-free Bug

WhatsApp recently patched a vulnerability that allows remote attackers to execute arbitrary code or cause a DoS situation. The vulnerability can be tracked as CVE-2019-11932.

The vulnerability resides “libpl_droidsonroids_gif” library which is the part of the android-gif-drawable package. The library is responsible for providing Views and Drawable for displaying animated GIFs on Android.

The vulnerability was patched with version 2.19.244, affected version 1.2.15, but the problem is, still several apps that use the old version are under risk.

Read more…