Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-18T19:44:37

Updated: 2024-08-03T22:55:53.491Z

Reserved: 2021-04-15T00:00:00

Link: CVE-2021-31318

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-18T20:15:07.677

Modified: 2024-11-21T06:05:25.137

Link: CVE-2021-31318

cve-icon Redhat

No data.