First published: Wed Sep 11 2019(Updated: )
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to supported functionality in which a sender can remove a recipient's copy of a previously sent message).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Telegram Telegram | <5.11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16248 is a vulnerability in Telegram for Android before version 5.11 that allows shared media files to not be deleted from the Telegram Images directory when using the "delete for" feature.
CVE-2019-16248 has a severity level of medium with a value of 5.5.
CVE-2019-16248 affects Telegram for Android before version 5.11 by not fully deleting shared media files from the Telegram Images directory when using the "delete for" feature.
To fix CVE-2019-16248, update Telegram for Android to version 5.11 or later.
You can find more information about CVE-2019-16248 at the following references: [link 1](https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf), [link 2](https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html), [link 3](https://www.openwall.com/lists/oss-security/2019/09/09/2).