CVE-2019-11931

HIGH

WhatsApp <2.19.274 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-11931. PoCs published by kasif-dekel, gavz, nop-team.

AI-analyzed exploit summary This PoC demonstrates a remote code execution vulnerability in WhatsApp by dynamically loading the WhatsApp library and calling a specific function with a crafted offset. It targets the `Java_com_whatsapp_Mp4Ops_mp4check` function, which is vulnerable to memory corruption.

Description

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

Exploits (3)

nomisec WORKING POC 35 stars

by kasif-dekel · poc

https://github.com/kasif-dekel/whatsapp-rce-patched

View Code ZIP pw:eip

This PoC demonstrates a remote code execution vulnerability in WhatsApp by dynamically loading the WhatsApp library and calling a specific function with a crafted offset. It targets the `Java_com_whatsapp_Mp4Ops_mp4check` function, which is vulnerable to memory corruption.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WhatsApp (specific version not specified, but likely older versions given the CVE year)

No auth needed

Prerequisites: Access to the target device's WhatsApp library · Environment variable `WHATSAPPLIB` set to the path of the WhatsApp library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

gitlab WORKING POC

by gavz · poc

https://gitlab.com/gavz/whatsapp-rce-patched

View Code ZIP pw:eip

This PoC demonstrates a memory corruption vulnerability in WhatsApp's MP4 parsing functionality by dynamically loading the WhatsApp library and invoking a vulnerable function with a crafted offset. It targets CVE-2019-11931, a stack-based buffer overflow in the MP4 parsing logic.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WhatsApp (specific version not specified, but likely pre-patch builds)

No auth needed

Prerequisites: Access to the target device's WhatsApp library · Environment variable WHATSAPPLIB set to the path of the vulnerable library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

nomisec NO CODE

by nop-team · poc

https://github.com/nop-team/CVE-2019-11931

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory x_refsource_confirm

https://www.facebook.com/security/advisories/cve-2019-11931

Scores

CVSS v3 7.8

EPSS 0.0132

EPSS Percentile 67.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-787

Status published

Products (6)

whatsapp/whatsapp < 2.18.368

whatsapp/whatsapp < 2.19.100

whatsapp/whatsapp < 2.19.274

whatsapp/whatsapp_business < 2.19.100

whatsapp/whatsapp_business < 2.19.104

whatsapp/whatsapp_enterprise_client < 2.25.3

Published Nov 14, 2019

Tracked Since Feb 18, 2026