CyberSec.Space Logo
Back to CVE Browser

CVE-2018-3988

MEDIUM
4.7
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile40.61th
PublishedDec 10, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

Affected Platforms (CPE)

πŸ“¦
Signal

Private Messenger

= 4.24.8

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106207
πŸ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656
πŸ”— http://www.securityfocus.com/bid/106207
πŸ”— https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656

Related Vulnerabilities

CVE-2019-171929.8

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packet...

CVE-2019-171917.5

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee ...

CVE-2019-99706.5

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android ar...

CVE-2020-57535.3

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phon...