Heap Buffer Overflow in Telegram's Custom Fork of rlottie Library Allows Remote Access to Heap Memory

CVE-2021-31322 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.