Browse all 5 CVE security advisories affecting Whisperfish. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Whisperfish is a secure messaging application focused on providing end-to-end encrypted communication for mobile devices. Historically, the application has been affected by multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. These issues have allowed attackers to potentially execute arbitrary code, manipulate user interfaces, or gain elevated system privileges. The application maintains security through regular updates and a commitment to addressing reported vulnerabilities promptly. While no major public security incidents have been documented, the presence of five CVEs indicates ongoing security challenges typical in complex mobile applications handling sensitive communications.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24904 | libsignal-service-rs doesn't sanity-check plaintext envelopes — libsignal-service-rs (CWE-287) | 8.5 | High | 2025-02-13 |
| CVE-2025-24903 | libsignal-service-rs Doesn't Check Origin of Sync Messages — libsignal-service-rs (CWE-345) | 8.5 | High | 2025-02-13 |
| CVE-2024-39697 | phonenumber panics on parsing crafted phonenumber inputs — rust-phonenumber (CWE-284) | 8.6 | High | 2024-07-09 |
| CVE-2023-42447 | blurhash panics on parsing crafted inputs — blurhash-rs (CWE-248) | 8.6 | High | 2023-09-19 |
| CVE-2023-42444 | phonenumber panics on parsing crafted RFC3966 inputs — rust-phonenumber (CWE-248) | 8.6 | High | 2023-09-19 |
This page lists every published CVE security advisory associated with Whisperfish. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.