Hello! Thank you for pointing out these CVEs.
I investigated deeper into the issues and reviewed the code as of the
0.1+dfsg-1 version of the package. Luckily, most of these issues are not
related to rlottie as currently packaged in Debian.
Below are some of my notes. They do not imply 100%
Source: rlottie
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2021-31323:
https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
CVE-2021-31322: