CVE-2019-11932

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11932

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11932.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11932

Aliases

GHSA-x534-j49x-mqvj

Published

2019-10-03T22:15:10.370Z

Modified

2026-03-15T22:29:22.498395Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

References

Affected packages

Git / github.com/koral--/android-gif-drawable

Affected ranges

Type

GIT

Repo

https://github.com/koral--/android-gif-drawable

Events

Introduced

Fixed

78df8feb91d8d2557b808494bef24eec91a274d3

Fixed

cc5b4f8e43463995a84efd594f89a21f906c2d20

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.18"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.16

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11932.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.19.244"
            }
        ]
    }
]

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "android-gif-drawable/src/main/c/decoding.c"
        },
        "source": "https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "307494684151968822352496849915942941334",
                "179646405047686153803200246891620737399",
                "3565184496671623564557538637471165139",
                "319716975894053961623641977136312660817",
                "247672870486026284567417504325281799838",
                "231133232878314181211603384170963396143"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-11932-20c00734",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "android-gif-drawable/src/main/c/decoding.c",
            "function": "DDGifSlurp"
        },
        "source": "https://github.com/koral--/android-gif-drawable/commit/cc5b4f8e43463995a84efd594f89a21f906c2d20",
        "deprecated": false,
        "digest": {
            "function_hash": "256783787093088157937719302303409991667",
            "length": 3101.0
        },
        "id": "CVE-2019-11932-e657e0c4",
        "signature_type": "Function"
    }
]