CVE-2019-11933

CRITICAL

WhatsApp for Android <2.19.291 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-11933. PoCs published by gavz, KISH84172, NatleoJ.

AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2019-11933, targeting a heap overflow vulnerability in the GIF library (gif_lib). The exploit includes crafted GIF data to trigger the vulnerability and achieve remote code execution (RCE) via a ROP chain.

Description

A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291, could allow remote attackers to execute arbitrary code or cause a denial of service.

Exploits (3)

gitlab WORKING POC
by gavz · poc
https://gitlab.com/gavz/CVE-2019-11933

This repository contains a functional exploit for CVE-2019-11933, targeting a heap overflow vulnerability in the GIF library (gif_lib). The exploit includes crafted GIF data to trigger the vulnerability and achieve remote code execution (RCE) via a ROP chain.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Complex
Reliability
Reliable
Target: GIF library (gif_lib) in Android applications
No auth needed
Prerequisites: vulnerable GIF library version · ability to deliver malicious GIF file to target
devstral-2 · analyzed Feb 23, 2026
nomisec STUB
by KISH84172 · poc
https://github.com/KISH84172/CVE-2019-11933

The repository contains only a README.md file with a CVE identifier and no exploit code or technical details. It is a placeholder with minimal content.

Classification
Stub 100%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026
nomisec WRITEUP
by NatleoJ · poc
https://github.com/NatleoJ/CVE-2019-11933

This repository provides a detailed technical analysis of CVE-2019-11933, a heap corruption vulnerability in WhatsApp's media picker for Android versions before 2.19.291. The vulnerability arises from improper handling of malformed GIF files, leading to an out-of-bounds memory access during rendering.

Classification
Writeup 95%
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target: WhatsApp for Android < 2.19.291
No auth needed
Prerequisites: A malformed GIF file with specific image descriptor manipulations
devstral-2 · analyzed Feb 18, 2026

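The writeup entry above attributes the out-of-bounds access to image-descriptor manipulation in a malformed GIF. As an added illustration of that bug class, not code from this page, from libpl_droidsonroids_gif, or from any of the PoCs listed, the C below parses a GIF's Logical Screen Descriptor and first Image Descriptor, models the unsafe pattern of painting a frame into a canvas sized by the logical screen, and shows the bounds check that rejects a frame whose position plus size leaves the screen. The function names and both sample files are constructed for this example, and the assumption that this particular check corresponds to the upstream 1.2.19 fix is mine and is not confirmed by the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Geometry pulled from a GIF: the Logical Screen Descriptor sizes the canvas,
 * the Image Descriptor says where a frame is painted into it. */
typedef struct {
    uint16_t screen_w, screen_h;    /* Logical Screen Descriptor */
    uint16_t left, top, w, h;       /* first Image Descriptor */
} gif_geometry;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk header, LSD, optional Global Color Table and any extension blocks up to
 * the first Image Descriptor (0x2C). Returns 0 on success, -1 if truncated or
 * malformed. Illustrative parser (hypothetical), not the library's decoder. */
int parse_gif_geometry(const uint8_t *buf, size_t len, gif_geometry *g)
{
    size_t pos;
    if (len < 13 || memcmp(buf, "GIF8", 4) != 0) return -1;
    g->screen_w = le16(buf + 6);
    g->screen_h = le16(buf + 8);
    pos = 13;
    if (buf[10] & 0x80)                        /* Global Color Table present */
        pos += 3u << ((buf[10] & 0x07) + 1);   /* 3 bytes * 2^(size+1) entries */
    /* Extension block: introducer, label, sub-blocks until a 0x00 terminator. */
    while (pos < len && buf[pos] == 0x21) {
        pos += 2;
        while (pos < len && buf[pos] != 0) pos += 1 + (size_t)buf[pos];
        pos += 1;
    }
    if (pos + 10 > len || buf[pos] != 0x2C) return -1;
    g->left = le16(buf + pos + 1);
    g->top  = le16(buf + pos + 3);
    g->w    = le16(buf + pos + 5);
    g->h    = le16(buf + pos + 7);
    return 0;
}

/* Hardened check: reject any frame whose position plus size leaves the logical
 * screen. Computed in 32 bits so left + w cannot wrap in the 16-bit fields. */
int image_fits_screen(const gif_geometry *g)
{
    return (uint32_t)g->left + g->w <= g->screen_w &&
           (uint32_t)g->top  + g->h <= g->screen_h;
}

/* Model of the unsafe rendering pattern: a canvas of screen_w*screen_h pixels
 * is allocated from the LSD, then each image row is written at
 * (top+row)*screen_w + left without consulting the canvas size. Instead of
 * overrunning a real buffer, return how many pixels the final write lands past
 * the end of the canvas (0 when every write stays in bounds). */
size_t overflow_pixels(const gif_geometry *g)
{
    size_t canvas = (size_t)g->screen_w * g->screen_h;
    size_t last;
    if (g->w == 0 || g->h == 0) return 0;
    last = ((size_t)g->top + g->h - 1) * g->screen_w + g->left + g->w - 1;
    return last >= canvas ? last + 1 - canvas : 0;
}

/* Convenience wrappers: check_gif returns 1 = safe to render, 0 = rejected by
 * the bounds check, -1 = malformed; overrun_of returns the modelled overrun. */
int check_gif(const uint8_t *buf, size_t len)
{
    gif_geometry g;
    if (parse_gif_geometry(buf, len, &g) != 0) return -1;
    return image_fits_screen(&g) ? 1 : 0;
}

size_t overrun_of(const uint8_t *buf, size_t len)
{
    gif_geometry g;
    if (parse_gif_geometry(buf, len, &g) != 0) return 0;
    return overflow_pixels(&g);
}

/* Constructed sample: 4x4 logical screen, no GCT, frame declared 16x16 at (0,0). */
const uint8_t kOversizedFrameGif[] = {
    'G','I','F','8','9','a',
    0x04,0x00, 0x04,0x00, 0x00, 0x00, 0x00,                   /* LSD: 4x4, no GCT */
    0x2C, 0x00,0x00, 0x00,0x00, 0x10,0x00, 0x10,0x00, 0x00    /* ID: 16x16 at 0,0 */
};
const size_t kOversizedFrameGifLen = sizeof(kOversizedFrameGif);

/* Constructed benign sample: same screen, a Graphic Control Extension, then a
 * 4x4 frame at (0,0). */
const uint8_t kWellFormedGif[] = {
    'G','I','F','8','9','a',
    0x04,0x00, 0x04,0x00, 0x00, 0x00, 0x00,
    0x21, 0xF9, 0x04, 0x00, 0x00,0x00, 0x00, 0x00,            /* GCE + terminator */
    0x2C, 0x00,0x00, 0x00,0x00, 0x04,0x00, 0x04,0x00, 0x00
};
const size_t kWellFormedGifLen = sizeof(kWellFormedGif);

int main(void)
{
    printf("oversized frame: check=%d, would overrun canvas by %zu pixels\n",
           check_gif(kOversizedFrameGif, kOversizedFrameGifLen),
           overrun_of(kOversizedFrameGif, kOversizedFrameGifLen));
    printf("well-formed frame: check=%d, overrun=%zu pixels\n",
           check_gif(kWellFormedGif, kWellFormedGifLen),
           overrun_of(kWellFormedGif, kWellFormedGifLen));
    return 0;
}
```

overflow_pixels deliberately computes the overrun rather than performing it: for the 4x4 screen and 16x16 frame above the last row write lands 60 pixels past the canvas end, which is the kind of heap overrun a renderer that trusts the Image Descriptor commits. The check is done before any canvas write and in a width that the 16-bit descriptor fields cannot wrap.
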
References (1)

Core references (1)
Third Party Advisory · x_refsource_confirm
https://www.facebook.com/security/advisories/cve-2019-11933

Scores

CVSS v3 9.8
EPSS 0.0412
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-787
Status published
Products (2)
libpl_droidsonroids_gif_project/libpl_droidsonroids_gif < 1.2.19
whatsapp/whatsapp < 2.19.291
Published Oct 23, 2019
Tracked Since Feb 18, 2026