Description
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.
References
https://desktop.telegram.org/changelog#v-2-6-23-02-21
Release NotesVendor Advisory
https://habr.com/ru/post/580582/
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 · Low
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-04T03:15:16.787
3 years agoLast modified
2021-10-08T17:28:07.073
3 years ago