First published: Tue May 18 2021(Updated: )
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Telegram Telegram | <7.1.0 | |
Telegram Telegram | <7.1.0 | |
Telegram Telegram | <7.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31318 is a vulnerability that affects Telegram Android, Telegram iOS, and Telegram macOS versions lower than 7.1.0.
CVE-2021-31318 has a severity rating of 5.5 (Medium).
CVE-2021-31318 allows a remote attacker to access heap memory out-of-bounds on a victim's device via a type confusion vulnerability in Telegram's custom fork of the rlottie library.
Telegram Android versions lower than 7.1.0 (2090), Telegram iOS versions lower than 7.1, and Telegram macOS versions lower than 7.1 are affected by CVE-2021-31318.
Yes, you can find references for CVE-2021-31318 at the following links: [Link 1](https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/), [Link 2](https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/)