A vulnerability in WhatsApp's image filter could have allowed an attacker to send a maliciously crafted image to an unsuspecting user. The image could be used to read sensitive information from the app's memory.
The issue, CVE-2020-1910 (CVSS score: 7.8), concerns an out-of-bounds read/write operation and involves a victim modifying an image by applying specific image filters and sending it to another recipient.
“A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image,” WhatsApp noted in its previously published advisory.
According to security firm Check Point Research, WhatsApp can crash after a user applies different filters to a malicious GIF file. The issue was discovered back in November 2020.
More specifically, the issue was rooted in an “applyFilterIntoBuffer()” function.
The flaw was exploitable because the vulnerable function relied on the assumption that the source and the filtered images are the same, most importantly in their dimensions and RGBA color format.
Given that an RGBA pixel is 4 bytes, an attacker could produce an image with only 1 byte per pixel, which can lead to an out-of-bounds memory access since the “function tries to read and copy 4 times the amount of the allocated source image buffer.”
WhatsApp has added two new checks to ensure source and filter images are in RGBA format and that the image has 4 bytes per pixel. The company noted that it did not believe that the bug affected users.
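The two checks described above can be sketched in C as follows. This is an added example, not WhatsApp's code: the `struct image` layout, the `stride` and `size` fields, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor: names are assumptions, not WhatsApp's code. */
enum pixel_format { FMT_GRAY8 = 1, FMT_RGBA8888 = 4 };
struct image {
    uint32_t width, height, stride;   /* stride = bytes per row */
    enum pixel_format format;
    uint8_t *pixels;
    size_t size;                      /* bytes allocated for pixels */
};

/* 1 if img is RGBA, has at least 4 bytes per pixel per row, and fits its buffer. */
static int is_valid_rgba(const struct image *img)
{
    if (!img || !img->pixels || !img->width || !img->height) return 0;
    if (img->format != FMT_RGBA8888) return 0;
    if (img->width > UINT32_MAX / 4) return 0;          /* width * 4 overflow */
    if (img->stride < img->width * 4) return 0;         /* fewer than 4 B/pixel */
    if (img->height > SIZE_MAX / img->stride) return 0; /* stride * height overflow */
    return (size_t)img->stride * img->height <= img->size;
}

/* Copy src pixels into dst; 0 on success, -1 if any check fails. */
int apply_filter_checked(const struct image *src, struct image *dst)
{
    if (!is_valid_rgba(src) || !is_valid_rgba(dst)) return -1;
    if (src->width != dst->width || src->height != dst->height) return -1;
    size_t row = (size_t)src->width * 4;
    for (uint32_t y = 0; y < src->height; y++)
        memcpy(dst->pixels + (size_t)y * dst->stride,
               src->pixels + (size_t)y * src->stride, row);
    return 0;
}

int main(void)
{
    /* Constructed sample: 4x4 source with 1 byte per pixel, 4x4 RGBA destination. */
    uint8_t gray[16] = {0}, out[64] = {0};
    struct image src = {4, 4, 4, FMT_GRAY8, gray, sizeof gray};
    struct image dst = {4, 4, 16, FMT_RGBA8888, out, sizeof out};
    printf("1 byte/pixel source: %d\n", apply_filter_checked(&src, &dst));
    return 0;
}
```

The size check also rejects an image whose header claims RGBA while its buffer holds only 1 byte per pixel, so a mislabelled format field alone does not get past validation.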