Reproducing a Million‑Dollar Bug: WhatsApp CVE‑2019‑11932

IBM X‑Force re‑implements WhatsApp’s 2019 double‑free GIF exploit using AFL++ fuzzing and Frida harness on Android for on‑device testing.

https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida

#DoubleFree #Android

Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM

Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.

🪲 Nice write-up on double-free in nf_tables in the Linux kernel by @notselwyn

▶️Drop a universal root shell on nearly all Linux kernels between at least v5.14 and v6.6.14

https://pwning.tech/nftables/

The POC:
https://github.com/Notselwyn/CVE-2024-1086

#infosec #doublefree #memorysafety

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques

A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.

Pwning Tech

Nice write-up and PoC for the "Not believed to be exploitable" recently patched double-free OpenSSH bug. Thanks jfrog!

#cybersecuritynews #PoC #doublefree #openssh #jfrog

https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/

CVE-2023-25136 OpenSSH Pre-Auth Double Free Writeup & PoC

Understanding the OpenSSH CVE-2023-25136 high vulnerability. Read our analysis with Proof-of-Concept, learn what's vulnerable, and discover remediations.

JFrog

objectively the best playlist on #spotify (by @stacksmashing )

#doublefree

Amazon Kindle, Embedded Devices Open to Code-Execution - Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlyin... more: https://threatpost.com/amazon-kindle-embedded-devices-code-execution/150003/ #memorycorruption #vulnerabilities #denialofservice #embeddeddevices #bufferoverflow #codeexecution #amazonkindle #forallsecure #cputakeover #armdevices #doublefree #dasu-boot #iot

Amazon Kindle, Embedded Devices Open to Code-Execution

Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component.

Threatpost - English - Global - threatpost.com