CVE-2019-11419

MEDIUM

WeChat < 7.0.3 - Denial of Service via Crafted .wxgf Emoji File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11419. PoCs published by Hong Nhat Pham.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in WeChat for Android by replacing an emoji file with a crafted .wxgf file, causing the application to crash when the emoji is rendered. The PoC requires local access and specific prerequisites, such as the user having sent or received a GIF file in WeChat.

Description

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.

Exploits (1)

exploitdb WORKING POC

by Hong Nhat Pham · textdosandroid

https://www.exploit-db.com/exploits/46853

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in WeChat for Android by replacing an emoji file with a crafted .wxgf file, causing the application to crash when the emoji is rendered. The PoC requires local access and specific prerequisites, such as the user having sent or received a GIF file in WeChat.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: WeChat for Android (up to version 7.0.4)

No auth needed

Prerequisites: Local access to the device · User must have sent or received a GIF file in WeChat · Retrieval of the phone's IMEI

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Technical Description x_refsource_misc

https://awakened1712.github.io/hacking/hacking-wechat-dos/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/152947/WeChat-7.0.4-Denial-Of-Service.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46853

Scores

CVSS v3 5.5

EPSS 0.0403

EPSS Percentile 89.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (1)

tencent/wechat < 7.0.3

Published May 14, 2019

Tracked Since Feb 18, 2026