cve/2019/CVE-2019-11932.md

### [CVE-2019-11932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11932)
![](https://img.shields.io/static/v1?label=Product&message=android-gif-drawable&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.2.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20free%20(CWE-415)&color=brighgreen)

### Description

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

### POC

#### Reference
- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html
- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263

#### Github
- https://github.com/0759104103/cd-CVE-2019-11932
- https://github.com/0xT11/CVE-POC
- https://github.com/5l1v3r1/CVE-2019-11932
- https://github.com/84KaliPleXon3/WhatsRCE
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CodewithsagarG/whatsappcrash
- https://github.com/Err0r-ICA/WhatsPayloadRCE
- https://github.com/Gazafi99/Gazafi99
- https://github.com/GhostTroops/TOP
- https://github.com/IdelTeam/gifs
- https://github.com/JERRY123S/all-poc
- https://github.com/JasonJerry/WhatsRCE
- https://github.com/Monu232425/Monu232425
- https://github.com/PleXone2019/WhatsRCE
- https://github.com/Rakshi220/Rakshi220
- https://github.com/SmoZy92/CVE-2019-11932
- https://github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932
- https://github.com/TinToSer/whatsapp_rce
- https://github.com/TortugaAttack/pen-testing
- https://github.com/TulungagungCyberLink/CVE-2019-11932
- https://github.com/Ysaidin78/jubilant-octo-couscous
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/anonputraid/Link-Trackers
- https://github.com/anquanscan/sec-tools
- https://github.com/awakened1712/CVE-2019-11932
- https://github.com/cbch2832/cpp5
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dashtic172/abdul
- https://github.com/dave59988/Ken
- https://github.com/dave59988/dave59988
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dorkerdevil/CVE-2019-11932
- https://github.com/fastmo/CVE-2019-11932
- https://github.com/frankzappasmustache/starred-repos
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/infiniteLoopers/CVE-2019-11932
- https://github.com/jbmihoub/all-poc
- https://github.com/jsn-OO7/whatsapp
- https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932
- https://github.com/kal1gh0st/WhatsAppHACK-RCE
- https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit
- https://github.com/nagaadv/nagaadv
- https://github.com/primebeast/CVE-2019-11932
- https://github.com/shazil425/Whatsapp-
- https://github.com/starling021/CVE-2019-11932-SupportApp
- https://github.com/starling021/whatsapp_rce
- https://github.com/tucommenceapousser/CVE-2019-11932
- https://github.com/tucommenceapousser/CVE-2019-11932deta
- https://github.com/twinflow/truth
- https://github.com/valbrux/CVE-2019-11932-SupportApp
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/zxn1/CVE-2019-11932
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-11932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11932)`
			`![](https://img.shields.io/static/v1?label=Product&message=android-gif-drawable&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%201.2.18%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20free%20(CWE-415)&color=brighgreen)`

			`### Description`

			`A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/154867/Whatsapp-2.19.216-Remote-Code-Execution.html`
			`- http://packetstormsecurity.com/files/158306/WhatsApp-android-gif-drawable-Double-Free.html`
			`- https://gist.github.com/wdormann/874198c1bd29c7dd2157d9fc1d858263`

			`#### Github`
			`- https://github.com/0759104103/cd-CVE-2019-11932`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/5l1v3r1/CVE-2019-11932`
			`- https://github.com/84KaliPleXon3/WhatsRCE`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/CodewithsagarG/whatsappcrash`
			`- https://github.com/Err0r-ICA/WhatsPayloadRCE`
			`- https://github.com/Gazafi99/Gazafi99`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/IdelTeam/gifs`
			`- https://github.com/JERRY123S/all-poc`
			`- https://github.com/JasonJerry/WhatsRCE`
			`- https://github.com/Monu232425/Monu232425`
			`- https://github.com/PleXone2019/WhatsRCE`
			`- https://github.com/Rakshi220/Rakshi220`
			`- https://github.com/SmoZy92/CVE-2019-11932`
			`- https://github.com/Tabni/https-github.com-awakened1712-CVE-2019-11932`
			`- https://github.com/TinToSer/whatsapp_rce`
			`- https://github.com/TortugaAttack/pen-testing`
			`- https://github.com/TulungagungCyberLink/CVE-2019-11932`
			`- https://github.com/Ysaidin78/jubilant-octo-couscous`
			`- https://github.com/alphaSeclab/sec-daily-2019`
			`- https://github.com/anonputraid/Link-Trackers`
			`- https://github.com/anquanscan/sec-tools`
			`- https://github.com/awakened1712/CVE-2019-11932`
			`- https://github.com/cbch2832/cpp5`
			`- https://github.com/cyberanand1337x/bug-bounty-2022`
			`- https://github.com/dashtic172/abdul`
			`- https://github.com/dave59988/Ken`
			`- https://github.com/dave59988/dave59988`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/dorkerdevil/CVE-2019-11932`
			`- https://github.com/fastmo/CVE-2019-11932`
			`- https://github.com/frankzappasmustache/starred-repos`
			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/infiniteLoopers/CVE-2019-11932`
			`- https://github.com/jbmihoub/all-poc`
			`- https://github.com/jsn-OO7/whatsapp`
			`- https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932`
			`- https://github.com/kal1gh0st/WhatsAppHACK-RCE`
			`- https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit`
			`- https://github.com/nagaadv/nagaadv`
			`- https://github.com/primebeast/CVE-2019-11932`
			`- https://github.com/shazil425/Whatsapp-`
			`- https://github.com/starling021/CVE-2019-11932-SupportApp`
			`- https://github.com/starling021/whatsapp_rce`
			`- https://github.com/tucommenceapousser/CVE-2019-11932`
			`- https://github.com/tucommenceapousser/CVE-2019-11932deta`
			`- https://github.com/twinflow/truth`
			`- https://github.com/valbrux/CVE-2019-11932-SupportApp`
			`- https://github.com/weeka10/-hktalent-TOP`
			`- https://github.com/zxn1/CVE-2019-11932`