NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Trending CVEs for the Week of October 7th, 2019

CVE-2019-1367 – MICROSOFT ZERO-DAY VULNERABILITY – OUT-OF-BAND PATCH, Again

Microsoft zero-day vulnerability is still trending on social media and we covered CVE-2019-1367 in September 23rd blog post. This week, we will talk about CVE-2019-11932 which is runner-up in the list.

Description

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.

Affected Versions

All versions before 2.19.244

References

Facebook Security Advisor

National Vulnerability Database

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.