Do not underestimate the CVE-2019-11932 attack. It can jeopardize the world of Android applications!

Preface: CVE records are summarized by humans, so they may sometimes contain typos!

Vulnerability description: A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. However, CVE-2019-11932 is a vulnerability in the android-gif-drawable library, yet the CVE text doesn’t mention “android-gif-drawable”. It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.

Observation: GifDrawable implements the Animatable and MediaPlayerControl interfaces. Therefore, the impact will be greater than the CVE record suggests.
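
A check a developer could run to see whether their own app ships this library, added here as an example and not taken from the original post or from the library's project. It looks for the `pl.droidsonroids.gif:android-gif-drawable` Maven coordinate in Gradle text and for the native library inside an APK; the fixed version is the one given in the CVE text quoted above, and the sample build file and APK are constructed.

```python
import io
import re
import zipfile

# Fixed version as stated in the CVE text quoted on this page.
FIXED_VERSION = (1, 2, 15)
# Maven coordinate of android-gif-drawable, followed by its version.
COORD = re.compile(
    r"pl\.droidsonroids\.gif:android-gif-drawable:([0-9]+(?:\.[0-9]+)*)")
# Native library named in the CVE record; APKs carry it as lib/<abi>/<name>.
NATIVE_LIB = "libpl_droidsonroids_gif.so"

# Constructed sample build file (not from any real project).
SAMPLE_GRADLE = """
dependencies {
    implementation 'pl.droidsonroids.gif:android-gif-drawable:1.2.12'
    // implementation 'pl.droidsonroids.gif:android-gif-drawable:1.1.0'
    implementation("androidx.core:core-ktx:1.1.0")
}
"""

def vulnerable_gradle_versions(gradle_text, fixed=FIXED_VERSION):
    """Return declared android-gif-drawable versions older than `fixed`."""
    hits = []
    for line in gradle_text.splitlines():
        code = line.split("//", 1)[0]  # skip commented-out dependencies
        for match in COORD.finditer(code):
            version = tuple(int(p) for p in match.group(1).split("."))
            if version < fixed:
                hits.append(match.group(1))
    return hits

def abis_with_native_lib(apk_bytes):
    """Return the ABIs for which an APK bundles the native GIF decoder.
    Presence shows the library is shipped; it does not reveal its version."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        parts = [name.split("/") for name in apk.namelist()]
    return sorted(p[1] for p in parts
                  if len(p) == 3 and p[0] == "lib" and p[2] == NATIVE_LIB)

def build_sample_apk():
    """Build a constructed APK-like zip with empty placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name in ("AndroidManifest.xml", "lib/arm64-v8a/libother.so",
                     "lib/arm64-v8a/" + NATIVE_LIB,
                     "lib/armeabi-v7a/" + NATIVE_LIB):
            apk.writestr(name, b"")
    return buf.getvalue()

if __name__ == "__main__":
    print("outdated versions:", vulnerable_gradle_versions(SAMPLE_GRADLE))
    print("ABIs bundling the decoder:", abis_with_native_lib(build_sample_apk()))
```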
