Telegram - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-47793 1Telegram 1Telegram Desktop Jan 30, 2026 Jan 16, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into t...Show more Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.Show less
CVE-2024-7014 1Telegram 1Telegram Feb 9, 2026 Jul 23, 2024 7.1 HIGH· v4 8.1 HIGH· v3 N/A· v2 EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
CVE-2023-34658 1Telegram 1Telegram Nov 27, 2024 Jun 29, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
CVE-2023-26818 1Telegram 1Telegram Jan 21, 2025 May 19, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.
CVE-2022-43363 1Telegram 1Telegram Nov 21, 2024 Dec 6, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS fi...Show more Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding.Show less
CVE-2021-41861 1Telegram 1Telegram Nov 21, 2024 Oct 4, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct featur...Show more The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.Show less
CVE-2021-40532 1Telegram 1Web K Alpha Nov 21, 2024 Sep 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.
CVE-2021-37596 1Telegram 1Web K Alpha Nov 21, 2024 Jul 30, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Web K Alpha 0.6.1 allows XSS via a document name.
CVE-2021-36769 1Telegram 2Telegram Telegram Desktop Nov 21, 2024 Jul 17, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were s...Show more A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.Show less
CVE-2021-31323 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31322 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31321 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be a...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31320 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31319 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31318 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacke...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31317 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to acces...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-31315 1Telegram 1Telegram Nov 21, 2024 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to acces...Show more Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.Show less
CVE-2021-30496 1Telegram 1Telegram Nov 21, 2024 Apr 20, 2021 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group....Show more The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability."Show less
CVE-2021-27351 1Telegram 1Telegram Nov 21, 2024 Feb 19, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
CVE-2021-27205 1Telegram 1Telegram Nov 21, 2024 Feb 12, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

12 Next