Polict

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** A Heap Buffer Overflow issue exists in the LOTGradient::populate function of the custom fork of the rlottie library used by Telegram. This could allow a remote attacker to access heap memory out-of-bounds on a victim device via a malicious animated sticker. **Recommendations** For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to a Stack Based Overflow in the blit function of Telegram's custom fork of the rlottie library. This could allow a remote attacker to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. **Recommendations** For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of the custom fork of the rlottie library. This could allow a remote attacker to access heap memory out-of-bounds on a victim device via a malicious animated sticker. **Recommendations** For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to an Integer Overflow in the LOTGradient::populate function of the custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. **Recommendations** For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of the custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker. **Recommendations** For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

Name of the Vulnerable Software and Affected Versions: Music Station versions prior to 5.3.16 on QTS 4.5.2 Music Station versions prior to 5.2.10 on QTS 4.3.6 Music Station versions prior to 5.1.14 on QTS 4.3.3 Music Station versions prior to 5.3.16 on QuTS hero h4.5.2 Music Station versions prior to 5.3.16 on QuTScloud c4.5.4 Description: An improper access control issue has been reported, affecting earlier versions of Music Station. This issue allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, and evading detection. Recommendations: For Music Station versions prior to 5.3.16 on QTS 4.5.2, update to version 5.3.16 or later. For Music Station versions prior to 5.2.10 on QTS 4.3.6, update to version 5.2.10 or later. For Music Station versions prior to 5.1.14 on QTS 4.3.3, update to version 5.1.14 or later. For Music Station versions prior to 5.3.16 on QuTS hero h4.5.2, update to version 5.3.16 or later. For Music Station versions prior to 5.3.16 on QuTScloud c4.5.4, update to version 5.3.16 or later.

**Name of the Vulnerable Software and Affected Versions** Telegram Messenger versions prior to 7.1.0 Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is caused by a heap buffer overflow in the LottieParserImpl::parseDashProperty function. This can allow a remote attacker to disclose protected information by using a malicious animated sticker, potentially accessing heap memory out-of-bounds on a victim device. **Recommendations** For Telegram Messenger versions prior to 7.1.0, update to version 7.1.0 or later. For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later. As a temporary workaround, consider avoiding the use of animated stickers from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions 7.0 through 7.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to a buffer overflow in the `gray split cubic` function of the custom Rlottie library used for Lottie animation playback. This could allow a remote attacker to compromise data integrity and cause a denial of service by sending a malicious animated sticker. The exploitation of this issue may lead to out-of-bounds memory overwrite on a victim's device. **Recommendations** For Telegram Android versions 7.0 through 7.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later. As a temporary workaround, consider restricting the use of animated stickers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Telegram Android versions 7.0 through 7.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 **Description** The issue is related to type confusion errors in the VDasher constructor of the custom rlottie library used for Lottie animation playback. Exploitation of this issue could allow a remote attacker to access confidential data by using a malicious animated sticker, potentially leading to out-of-bounds access to the heap memory on a victim's device. **Recommendations** For Telegram Android versions 7.0 through 7.0 (2090), update to version 7.1.0 (2091) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Horde Groupware Webmail Edition versions prior to 5.2.22 **Description** The image view functionality is affected by a stored Cross-Site Scripting (XSS) issue via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. **Recommendations** For versions prior to 5.2.22, update to version 5.2.22 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG images to prevent potential exploitation.