[reinforcedpaper]

From the explanation of the bug on github it seems to me like this is a client-side database issue and nothing was actually leaked. Database ids were reused so random images that were previously received were displayed in newly received messages.

Is this correct? If it is then it's probably worth mentioning.

[tgsovlerkhgsel]

My understanding is that the database issue caused your client to send pictures A, B and C to person X, when you were trying to send picture C to person X (where A and B are pictures that were previously sent to someone else).

[reinforcedpaper]

The person reporting the issue specifically said that they couldn't find those pictures on their phone and don't remember ever sending them to anyone.

The recipient also wouldn't be able to find those images anywhere else because they have chat trimming enabled. The result is that because a newly received message happened to share the id of an old deleted message, the new message is now displaying pictures from the old message.

This does require the recipient to have received those pictures and also not remember them but I believe it is easier to forget a random picture you received than one you sent.

Again, this is me speculating with very limited knowledge of client internals but it makes sense to me. I would like to see a developer confirm this.