6 matches found
CVE-2019-11419
Summary: CVE-2019-11419 affects WeChat for Android through 7.0.3/7.0.4 where vcodec2_hls_filter in libvoipCodec_v7a.so enables a local attacker to crash the application by replacing an emoji file (under /sdcard/tencent/MicroMsg) with a crafted .wxgf file whose content is derived from the device I...
CVE-2019-17151
CVE-2019-17151 affects Tencent WeChat (before 7.0.9). The flaw is in parsing a user’s profile name, enabling unsafe redirection via the name field when the target is in a chat with the attacker. Exploitation requires user interaction within a chat session. The vulnerability is described as “name ...
CVE-2021-40180
According to connected documents, CVE-2021-40180 affects WeChat app version 8.0.10 for Android and iOS, where a mini program can invoke wx.searchContacts to access the user's address book and obtain sensitive information. The root cause is a permissions/API misuse in the mini program environment ...
CVE-2020-27874
The CVE-2020-27874 entry concerns Tencent WeChat 7.0.18 with a vulnerability in the WXAM Decoder. The flaw results from improper validation of user-supplied data, causing memory access past the end of an allocated object and leading to remote code execution. Exploitation requires user interaction...
CVE-2024-40433
CVE-2024-40433 affects Tencent WeChat 8.0.37. Multiple connected sources describe an Insecure Permissions vulnerability that enables privilege escalation via the web-view component. Root cause and scope are tied to the web-view usage in WeChat, with impact described as elevation of privileges (hi...
CVE-2021-27247
CVE-2021-27247 affects Tencent WeChat 2.9.5 desktop. The flaw is in the WXAM decoder where unvalidated user data allows an out-of-bounds read, exposing sensitive information. This may enable arbitrary code execution when combined with other vulnerabilities, with user interaction required (malicio...