cve/2019/CVE-2019-11932.md

### [CVE-2019-11932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11932)
![](https://img.shields.io/static/v1?label=Product&message=android-gif-drawable&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.2.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20free%20(CWE-415)&color=brighgreen)

### Description

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

### POC

#### Reference
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263

#### Github
- https://github.com/0759104103/cd-CVE-2019-11932
- https://github.com/0xT11/CVE-POC
- https://github.com/5l1v3r1/CVE-2019-11932
- https://github.com/84KaliPleXon3/WhatsRCE
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CodewithsagarG/whatsappcrash
- https://github.com/Err0r-ICA/WhatsPayloadRCE
- https://github.com/Gazafi99/Gazafi99
- https://github.com/GhostTroops/TOP
- https://github.com/IdelTeam/gifs
- https://github.com/JERRY123S/all-poc
- https://github.com/JasonJerry/WhatsRCE
- https://github.com/Monu232425/Monu232425
- https://github.com/PleXone2019/WhatsRCE
- https://github.com/Rakshi220/Rakshi220
- https://github.com/SmoZy92/CVE-2019-11932
- https://github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932
- https://github.com/TinToSer/whatsapp_rce
- https://github.com/TortugaAttack/pen-testing
- https://github.com/TulungagungCyberLink/CVE-2019-11932
- https://github.com/Ysaidin78/jubilant-octo-couscous
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/anonputraid/Link-Trackers
- https://github.com/anquanscan/sec-tools
- https://github.com/awakened1712/CVE-2019-11932
- https://github.com/cbch2832/cpp5
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dashtic172/abdul
- https://github.com/dave59988/Ken
- https://github.com/dave59988/dave59988
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dorkerdevil/CVE-2019-11932
- https://github.com/fastmo/CVE-2019-11932
- https://github.com/frankzappasmustache/starred-repos
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/infiniteLoopers/CVE-2019-11932
- https://github.com/jbmihoub/all-poc
- https://github.com/jsn-OO7/whatsapp
- https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932
- https://github.com/kal1gh0st/WhatsAppHACK-RCE
- https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit
- https://github.com/nagaadv/nagaadv
- https://github.com/primebeast/CVE-2019-11932
- https://github.com/shazil425/Whatsapp-
- https://github.com/starling021/CVE-2019-11932-SupportApp
- https://github.com/starling021/whatsapp_rce
- https://github.com/tucommenceapousser/CVE-2019-11932
- https://github.com/tucommenceapousser/CVE-2019-11932deta
- https://github.com/twinflow/truth
- https://github.com/valbrux/CVE-2019-11932-SupportApp
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/zxn1/CVE-2019-11932