Type Confusion Vulnerability in Telegram's Custom Fork of rlottie Library Allows Remote Heap Memory Access

CVE-2021-31317 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker.
