CVE-2019-11933
Description
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291, could allow remote attackers to execute arbitrary code or cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap buffer overflow in libpl_droidsonroids_gif before 1.2.19, used in WhatsApp for Android before 2.19.291, allows remote code execution or denial of service.
Vulnerability
A heap buffer overflow exists in libpl_droidsonroids_gif before version 1.2.19, which is used in WhatsApp for Android before version 2.19.291. The vulnerability can be triggered when processing a specially crafted GIF file, leading to an out-of-bounds write on the heap. [1]
Exploitation
An attacker can exploit this vulnerability by sending a malicious GIF to a WhatsApp user via a message. No authentication or user interaction beyond opening the message is required. The attacker must craft a GIF that triggers the heap overflow during parsing. [1]
Impact
Successful exploitation could allow an attacker to execute arbitrary code on the victim's device with the privileges of the WhatsApp application, or cause a denial of service via application crash. [1]
Mitigation
The vulnerability is fixed in libpl_droidsonroids_gif version 1.2.19 and WhatsApp for Android version 2.19.291 and later. Users should update WhatsApp to the latest version from the Google Play Store. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.2.19
- Range: 2.19.291
Patches
No patches discovered yet.
References
- [1] www.facebook.com/security/advisories/cve-2019-11933 (mitre, x_refsource_CONFIRM)