PT-2021-19240 · Telegram+2 · Telegram Android+4

Polict · Published 2021-05-18 · Updated 2025-01-19 · CVE-2021-31320

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Telegram Android versions prior to 7.1.0 (2090)
Telegram iOS versions prior to 7.1
Telegram macOS versions prior to 7.1

Description

The issue is a heap buffer overflow in the VGradientCache::generateGradientColorTable function of the custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out of bounds on a victim device via a malicious animated sticker.

Recommendations

For Telegram Android versions prior to 7.1.0 (2090), update to version 7.1.0 (2090) or later.
For Telegram iOS versions prior to 7.1, update to version 7.1 or later.
For Telegram macOS versions prior to 7.1, update to version 7.1 or later.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-31320
USN-7198-1

Affected Products

Linux Mint
Telegram Android
Telegram iOS
Telegram macOS
Ubuntu