Type Confusion Vulnerability in Telegram's Custom Fork of rlottie Library Allows Remote Heap Memory Access

CVE-2021-31318 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
