WhatsApp for Android

2.20.196.16

OTHER 1 CVE

2.20.140

SEMANTIC 1 CVE

2.18.293

SEMANTIC 1 CVE

2.19.54

SEMANTIC 1 CVE

before version 2.19.143

OTHER 1 CVE

2.20.11

SEMANTIC 2 CVEs

2.19.274

SEMANTIC 1 CVE

2.20.185

SEMANTIC 1 CVE

unspecified

OTHER 18 CVEs

2.20.130

SEMANTIC 1 CVE

2.18.295

SEMANTIC 1 CVE

2.19.291

SEMANTIC 1 CVE

2.19.104

SEMANTIC 1 CVE

2.18.276

SEMANTIC 1 CVE

2.18.180

SEMANTIC 1 CVE

v2.21.22.7

OTHER 1 CVE

v2.21.23

OTHER 1 CVE

0

SINGLE_NUMBER 2 CVEs

2.18.248

SEMANTIC 1 CVE

2.19.134

SEMANTIC 1 CVE

2.19.52

SEMANTIC 1 CVE

CVE-2023-38538

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

MEDIUM Oct 04, 2023

CVE-2023-38537

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

MEDIUM Oct 04, 2023

CVE-2019-11931

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.

UNKNOWN Nov 14, 2019

CVE-2019-11933

A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.

UNKNOWN Oct 23, 2019

CVE-2018-6349

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.

UNKNOWN Jun 14, 2019

CVE-2018-6350

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.

UNKNOWN Jun 14, 2019

CVE-2018-6339

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

UNKNOWN Jun 14, 2019

CVE-2018-6344

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.

UNKNOWN Dec 31, 2018