Trending CVEs for the Week of October 7th, 2019

CVE-2019-1367 – MICROSOFT ZERO-DAY VULNERABILITY – OUT-OF-BAND PATCH, Again

The Microsoft zero-day vulnerability is still trending on social media; we covered CVE-2019-1367 in our September 23rd blog post. This week, we will talk about CVE-2019-11932, which is the runner-up in the list.

Description

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.

Affected Versions

All versions of WhatsApp for Android before 2.19.244

References

Facebook Security Advisory

National Vulnerability Database