The vulnerability of the VDasher constructor in the Lottie playback library, related to data type conversion errors, allows attackers to access confidential data.

The vulnerability of the VDasher compiler’s Lottie animation playback library Rlottie is related to data type conversion errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a malicious animated sticker...

PT-2020-6438 · Telegram +2 · Telegram Macos +4

Name of the Vulnerable Software and Affected Versions: Telegram Android versions 7.0 through 7.0 2090 Telegram iOS versions prior to 7.1 Telegram macOS versions prior to 7.1 Description: The issue is related to type confusion errors in the VDasher constructor of the custom rlottie library used fo...