CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet
the CVE text doesn't mention "android-gif-drawable". It only mentions
WhatsApp. There could be over 28,400 free Android apps that use this
And it seems that quite a few (24) of those 28k+ apps other than WhatsApp
that use android-gif-drawable have install bases just as large as the
WhatsApp install base (1 billion+, per Google Play).
For example, the Viber version from Sep 2019 (22.214.171.124) is vulnerable to
CVE-2019-11932 (double free in libpl_droidsonroids_gif). The latest version,
11.9.1, is no longer vulnerable. Stack trace from the vulnerable version:
Great work was done to compile a list of apps using the framework:
Patch it up, folks.
A nice idea would be to create a Shodan- or Wappalyzer-style search engine for
Android app frameworks. Count me in if you want to build something like this.
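
As an added example (not code from the original post or from the android-gif-drawable project), this is the kind of per-APK fingerprint check such a framework inventory would run. It assumes the native library is packaged under its usual name `libpl_droidsonroids_gif.so` and that the Java package `pl.droidsonroids.gif` has not been renamed by an obfuscator; the sample APK is constructed in memory.

```python
import io
import zipfile

# Fingerprints for android-gif-drawable: the native library name quoted on this
# page, and the library's Java package as it appears in dex type descriptors.
NATIVE_LIB = "libpl_droidsonroids_gif.so"
DEX_MARKER = b"Lpl/droidsonroids/gif/"


def scan_apk(apk):
    """Inspect an APK (path or file object); report where the library shows up."""
    native_abis, dex_hits = [], []
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            # Native code is packaged as lib/<abi>/<file>.so
            if len(parts) == 3 and parts[0] == "lib" and parts[2] == NATIVE_LIB:
                native_abis.append(parts[1])
            # classes.dex, classes2.dex, ... sit in the APK root
            elif "/" not in name and name.startswith("classes") and name.endswith(".dex"):
                if DEX_MARKER in zf.read(name):
                    dex_hits.append(name)
    return {"native_abis": sorted(native_abis), "dex_hits": sorted(dex_hits)}


def bundles_gif_drawable(result):
    """True if either fingerprint matched. Presence only, not proof of a vulnerable build."""
    return bool(result["native_abis"] or result["dex_hits"])


def build_sample_apk(entries):
    """Constructed stand-in for an APK: an in-memory zip with the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: file contents are dummy bytes, only names/markers matter.
    apk = build_sample_apk({
        "AndroidManifest.xml": b"",
        "classes.dex": b"dex\n035\x00" + b"Lpl/droidsonroids/gif/GifDrawable;",
        "lib/arm64-v8a/libpl_droidsonroids_gif.so": b"\x7fELF",
        "lib/armeabi-v7a/libpl_droidsonroids_gif.so": b"\x7fELF",
    })
    result = scan_apk(apk)
    print(result, bundles_gif_drawable(result))
```

A match only says the app ships the library; whether the bundled build is a fixed one still has to be checked against the app's dependency versions.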
# 0day.today [2019-12-04] #