CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41861
https://notcve.org/view.php?id=CVE-2021-41861
04 Oct 2021 — The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. La aplicación Telegram versiones 7.5.0 hasta 7.8.0 para Android no implementa correctamente l... • https://desktop.telegram.org/changelog#v-2-6-23-02-21 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36769
https://notcve.org/view.php?id=CVE-2021-36769
16 Jul 2021 — A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. Se presenta un problema de reordenación en Telegram versiones anteriores a 7.8.1 para Android, Telegram versiones anteriores a 7.8.3 para iOS y Telegram Desktop versiones anteriores a 2.8.8. Un atacante puede causar al servidor recibir mensajes en un orden diferente al que se e... • https://mtpsym.github.io •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31315
https://notcve.org/view.php?id=CVE-2021-31315
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por un Desbordamiento en la región Stack d... • https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31317
https://notcve.org/view.php?id=CVE-2021-31317
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por una Confusión de Tipos en el constructo... • https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31318
https://notcve.org/view.php?id=CVE-2021-31318
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por una Confusión de Tipos en ... • https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31319 – Ubuntu Security Notice USN-7198-1
https://notcve.org/view.php?id=CVE-2021-31319
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por un Desbordamiento de Enteros en la f... • https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31320
https://notcve.org/view.php?id=CVE-2021-31320
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por una vulne... • https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31321
https://notcve.org/view.php?id=CVE-2021-31321
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por un Desbordamiento en la... • https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31322
https://notcve.org/view.php?id=CVE-2021-31322
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1, están afectados por una vulnerabilidad de Desbordamie... • https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-31323
https://notcve.org/view.php?id=CVE-2021-31323
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. Telegram Android versiones anteriores a 7.1,.0 (2090), Telegram iOS versiones anteriores a 7.1, y Telegram macOS versiones anteriores a 7.1,, están afectados por una vulnerabilidad... • https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow • CWE-787: Out-of-bounds Write •