CVE-2021-31321

Name of the Vulnerable Software and Affected Versions Telegram Android versions 7.0 through 7.0 (2090) Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1

Description The issue is related to a buffer overflow in the gray split cubic function of the custom Rlottie library used for Lottie animation playback. This could allow a remote attacker to compromise data integrity and cause a denial of service by sending a malicious animated sticker. The exploitation of this issue may lead to out-of-bounds memory overwrite on a victim's device.

Recommendations For Telegram Android versions 7.0 through 7.0 (2090), update to version 7.1.0 (2090) or later. For Telegram iOS versions prior to 7.1, update to version 7.1 or later. For Telegram macOS versions prior to 7.1, update to version 7.1 or later. As a temporary workaround, consider restricting the use of animated stickers until a patch is available.