HomeWinBuzzer NewsWhatsApp Vulnerability Leaves Android Devices Open to Attack

WhatsApp Vulnerability Leaves Android Devices Open to Attack

A vulnerability in WhatsApp could allow attackers to introduce an RCE attack through sending infected GIF files.


A new vulnerability has been described in that could leave devices open to remote code execution (RCE) attacks. According to a security researcher, the flaw could be exploited on Android and give attackers elevated privileges through exploiting a double-free bug.

Described by Awakened, a self-professed “technologist and an information security enthusiast”, the flaw was highlighted on 's GitHub.

Luckily, for bad actors seeking to take advantage of the flaw, it will be a complicated process. Attackers would need to send an infected GIF file to an intended victim. This GIF could come through any channel, such as email or through WhatsApp.

Yes, this seems like a classic phishing attack, but the victim would need to download the GIF to a device and then open the WhatsApp gallery to send the file to another user. It is worth noting the GIF does not have to be resent, but simply the WhatsApp gallery opening. When opened the attack will trigger.

“When a WhatsApp user opens Gallery view in WhatsApp to send a media file, WhatsApp parses it with a native library called libpl_droidsonroids_gif.so to generate the preview of the GIF file…

“When the WhatsApp Gallery is opened, the said GIF file triggers the double-free bug on rasterBits buffer with size sizeof(GifInfo). Interestingly, in WhatsApp Gallery, a GIF file is parsed twice. When the said GIF file is parsed again, another GifInfo object is created. Because of the double-free behavior in Android, GifInfo info object and info->rasterBits will point to the same address. DDGifSlurp() will then decode the first frame to info->rasterBits buffer, thus overwriting info and its rewindFunction(), which is called right at the end of DDGifSlurp() function.”


Awakened explains the vulnerability can only be exploited on Android 8.1 and 9.0, and only on WhatsApp version 2.19.230. Considering this narrow exploit field and complicated attack process, the bug is not exceptionally dangerous.

Still, has been informed and the company did send out a patch that arrived in WhatsApp version 2.19.244.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News