CVE-2021-31323

Name of the Vulnerable Software and Affected Versions Telegram Messenger versions prior to 7.1.0 Telegram Android versions prior to 7.1.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1

Description The issue is caused by a heap buffer overflow in the LottieParserImpl::parseDashProperty function. This can allow a remote attacker to disclose protected information by using a malicious animated sticker, potentially accessing heap memory out-of-bounds on a victim device.

Recommendations For Telegram Messenger versions prior to 7.1.0, update to version 7.1.0 or later. For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later. As a temporary workaround, consider avoiding the use of animated stickers from untrusted sources until the issue is resolved.