CVE-2019-11931

HIGH

WhatsApp <2.19.274 - Buffer Overflow

Description

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Exploits (3)

nomisec · WORKING POC · 35 stars · by kasif-dekel · poc
https://github.com/kasif-dekel/whatsapp-rce-patched

gitlab · WORKING POC · by gavz · poc
https://gitlab.com/gavz/whatsapp-rce-patched

nomisec · NO CODE · by nop-team · poc
https://github.com/nop-team/CVE-2019-11931

Scores

CVSS v3: 7.8
EPSS: 0.0049
EPSS Percentile: 65.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-121, CWE-787
Status: published
Products (6)
whatsapp/whatsapp < 2.18.368
whatsapp/whatsapp < 2.19.100
whatsapp/whatsapp < 2.19.274
whatsapp/whatsapp_business < 2.19.100
whatsapp/whatsapp_business < 2.19.104
whatsapp/whatsapp_enterprise_client < 2.25.3
Published: Nov 14, 2019
Tracked Since: Feb 18, 2026