Vulnerability Description
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telegram | Telegram | < 7.1.0 |
Related Weaknesses (CWE)
References
- https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradiExploitThird Party Advisory
- https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-sticExploitThird Party Advisory
- https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradiExploitThird Party Advisory
- https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-sticExploitThird Party Advisory
FAQ
What is CVE-2021-31320?
CVE-2021-31320 is a vulnerability with a CVSS score of 7.1 (HIGH). Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the...
How severe is CVE-2021-31320?
CVE-2021-31320 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31320?
Check the references section above for vendor advisories and patch information. Affected products include: Telegram Telegram.