Stack Based Overflow in Telegram's Custom Fork of rlottie Library Allows Remote Memory Access via Malicious Animated Sticker

CVE-2021-31315 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.
