CVE-2024-7014

Source
https://cve.org/CVERecord?id=CVE-2024-7014
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7014.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7014
Published
2024-07-23T09:55:42.837Z
Modified
2026-07-15T02:13:37.871579168Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H CVSS Calculator
Summary
Improper multimedia file attachment validation in Telegram for Android app
Details

EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.

Database specific
{
    "cna_assigner": "ESET",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7014.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.14.4"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/drklo/telegram

Affected ranges

Type
GIT
Repo
https://github.com/drklo/telegram
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:telegram:telegram:*:*:*:*:*:android:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.14.5"
        }
    ]
}

Affected versions

release-10.*
release-10.0.0_3793
release-10.1.0_3919
release-10.13.1-4845
release-10.14.3-4927
release-10.2.0_4056
release-10.2.2_4071
release-10.2.3_4075
release-10.3.2-4145
release-10.5.0-4228
release-10.6.1-4275
release-10.9.1-4464
release-5.*
release-5.13.0_1818
release-5.13.0_1819
release-5.13.0_1820
release-5.13.0_1821
release-5.13.0_1823
release-5.13.1_1826
release-5.13.1_1829
release-5.14.0_1846
release-5.14.0_1849
release-5.14.0_1851
release-5.15.0_1864
release-5.15.0_1866
release-5.15.0_1867
release-5.15.0_1868
release-5.15.0_1869
release-6.*
release-6.0.0_1908
release-6.0.1_1910
release-6.0.1_1911
release-6.1.0_1938
release-6.1.0_1940
release-6.1.0_1941
release-6.1.1_1945
release-6.1.1_1946
release-6.2.0_1984
release-6.2.0_1985
release-6.2.0_1986
release-6.2.0_1988
release-6.3.0_2040
release-6.3.0_2042
release-7.*
release-7.0.0_2060
release-7.0.0_2061
release-7.0.0_2064
release-7.0.1_2065
release-7.1.0_2090
release-7.1.0_2092
release-7.1.1_2094
release-7.1.1_2096
release-7.1.2_2098
release-7.1.3_2100
release-7.1.3_2103
release-7.2.0_2128
release-7.2.0_2134
release-7.2.1_2135
release-7.2.1_2136
release-7.2.1_2137
release-7.2.1_2139
release-7.3.0_2195
release-7.3.0_2196
release-7.3.0_2197
release-7.3.0_2206
release-7.4.0_2221
release-7.4.0_2223
release-7.4.1_2225
release-7.4.2_2227
release-7.5.0_2243
release-7.5.0_2244
release-7.5.0_2245
release-7.5.0_2246
release-7.6.0_2264
release-7.6.1_2274
release-7.7.0_2284
release-7.7.1_2291
release-7.7.2_2293
release-7.8.0_2360
release-7.8.1_2372
release-7.8.2_2376
release-7.9.0_2384
release-7.9.1_2387
release-7.9.2_2389
release-7.9.3_2390
release-8.*
release-8.1.1_2431
release-8.2.1_2462
release-8.4.1_2522
release-8.5.0_2547
release-8.5.1_2551
release-8.5.2_2563
release-8.5.3_2565
release-8.5.4_2566
release-8.6.0_2587
release-8.6.1_2594
release-8.6.2_2600
release-8.7.0_2622
release-8.7.1_2629
release-8.7.2_2634
release-8.8.2_2702
release-8.9.0_2751
release-9.*
release-9.0.0_2799
release-9.1.0_2885
release-9.2.1_2962
release-9.3.0_3021
release-9.3.3_3026
release-9.4.0_3098
release-9.4.1_3102
release-9.4.2_3106
release-9.4.3_3138
release-9.4.5_3152
release-9.4.6_3155
release-9.4.7_3160
release-9.4.8_3161
release-9.5.0_3195
release-9.5.1_3199
release-9.5.3_3213
release-9.5.4_3227
release-9.5.5_3236
release-9.5.7_3249
release-9.6.0_3319
release-9.6.6_3362
release-9.7.6_3721

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7014.json"