First published: Mon Oct 04 2021(Updated: )
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Telegram Telegram | >=7.5.0<=7.8.0 | |
>=7.5.0<=7.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID CVE-2021-41861 refers to a vulnerability in the Telegram application for Android versions 7.5.0 through 7.8.0, where the image self-destruction feature is not properly implemented.
The severity level of CVE-2021-41861 is low with a severity value of 3.3.
CVE-2021-41861 affects the Telegram application for Android versions 7.5.0 through 7.8.0 by misleading users with a UI indication that an image was deleted after two to four uses of the self-destruct feature.
To fix the vulnerability CVE-2021-41861, it is recommended to update the Telegram application on your Android device to a version higher than 7.8.0.