Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for rLottie by Samsung Open Source

    CVE-2026-8916 (GCVE-0-2026-8916)

    Vulnerability from nvd – Published: 2026-06-04 09:44 – Updated: 2026-06-08 23:17
    VLAI
    Summary
    Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: dcfde72eae1b0464dc0dd760aec00ada6a148635
    Create a notification for this product.
    Credits
    Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:08:44.647755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:09:01.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "dcfde72eae1b0464dc0dd760aec00ada6a148635"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\u003cp\u003eThis issue affects rlottie: before\u0026nbsp;dcfde72eae1b0464dc0dd760aec00ada6a148635.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\n\nThis issue affects rlottie: before\u00a0dcfde72eae1b0464dc0dd760aec00ada6a148635."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T23:17:11.160Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/589"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-8916",
        "datePublished": "2026-06-04T09:44:26.603Z",
        "dateReserved": "2026-05-19T05:50:17.177Z",
        "dateUpdated": "2026-06-08T23:17:11.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49510 (GCVE-0-2026-49510)

    Vulnerability from nvd – Published: 2026-06-04 09:41 – Updated: 2026-06-08 00:30
    VLAI
    Summary
    Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer overflow or wraparound
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 21292665023e5074b38254432716866d00f1985f
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:17:06.252277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:17:22.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "21292665023e5074b38254432716866d00f1985f"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks.\u003cp\u003eThis issue affects rlottie:\u0026nbsp;before\u0026nbsp;21292665023e5074b38254432716866d00f1985f.\u003c/p\u003e"
                }
              ],
              "value": "Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks.\n\nThis issue affects rlottie:\u00a0before\u00a021292665023e5074b38254432716866d00f1985f."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-128",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-128 Integer Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer overflow or wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T00:30:49.807Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/592"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-49510",
        "datePublished": "2026-06-04T09:41:17.647Z",
        "dateReserved": "2026-06-01T01:41:22.546Z",
        "dateUpdated": "2026-06-08T00:30:49.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47320 (GCVE-0-2026-47320)

    Vulnerability from nvd – Published: 2026-06-04 09:38 – Updated: 2026-06-07 23:35
    VLAI
    Summary
    Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of uninitialized pointer
    • CWE-674 - Uncontrolled Recursion
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: eae37633fda13ac05b25c6c95aacea4bc33c80a3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:19:42.336040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:20:28.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "eae37633fda13ac05b25c6c95aacea4bc33c80a3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads.\u003cp\u003eThis issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.\u003c/p\u003e"
                }
              ],
              "value": "Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads.\n\nThis issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-231",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-231 Oversized Serialized Data Payloads"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of uninitialized pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:35:51.061Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47320",
        "datePublished": "2026-06-04T09:38:27.208Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-07T23:35:51.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47319 (GCVE-0-2026-47319)

    Vulnerability from nvd – Published: 2026-06-04 09:39 – Updated: 2026-06-08 05:31
    VLAI
    Summary
    Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory allocation with excessive size value
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd
    Create a notification for this product.
    Credits
    Feng Ning, Innora Security Research (feng@innora.ai)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:18:40.838007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:19:08.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Feng Ning, Innora Security Research (feng@innora.ai)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation.\u003cp\u003eThis issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.\u003c/p\u003e"
                }
              ],
              "value": "Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation.\n\nThis issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory allocation with excessive size value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T05:31:02.960Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/588"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47319",
        "datePublished": "2026-06-04T09:39:55.058Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-08T05:31:02.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47318 (GCVE-0-2026-47318)

    Vulnerability from nvd – Published: 2026-06-04 09:43 – Updated: 2026-06-08 08:09
    VLAI
    Summary
    Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: ce72b35a7ad0dded03051d3aa0ef75321c3bd035
    Create a notification for this product.
    Credits
    Tomer Dricker (tomer.dricker@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47318",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:09:28.297915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:09:41.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ce72b35a7ad0dded03051d3aa0ef75321c3bd035"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tomer Dricker (tomer.dricker@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\u003cp\u003eThis issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.\u003c/p\u003e"
                }
              ],
              "value": "Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\n\nThis issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T08:09:44.846Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/582"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47318",
        "datePublished": "2026-06-04T09:43:56.316Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-08T08:09:44.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47306 (GCVE-0-2026-47306)

    Vulnerability from nvd – Published: 2026-06-04 09:43 – Updated: 2026-06-08 00:31
    VLAI
    Summary
    Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: e2d19e3b150e0e4a9586fa90b56fd3061cc98945 (git)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:15:14.252517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:16:26.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "e2d19e3b150e0e4a9586fa90b56fd3061cc98945",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads.\u003cp\u003eThis issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads.\n\nThis issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-231",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-231 Oversized Serialized Data Payloads"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T00:31:38.938Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/585"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47306",
        "datePublished": "2026-06-04T09:43:14.593Z",
        "dateReserved": "2026-05-19T02:40:40.158Z",
        "dateUpdated": "2026-06-08T00:31:38.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10305 (GCVE-0-2026-10305)

    Vulnerability from nvd – Published: 2026-06-04 09:40 – Updated: 2026-06-07 23:19
    VLAI
    Summary
    Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 223a2a41ba4f462e4abe767bebba49a366c9b9fd
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:17:56.750269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:18:08.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "223a2a41ba4f462e4abe767bebba49a366c9b9fd"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers.\u003cp\u003eThis issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers.\n\nThis issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:19:43.751Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/587"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-10305",
        "datePublished": "2026-06-04T09:40:26.586Z",
        "dateReserved": "2026-06-01T01:41:05.803Z",
        "dateUpdated": "2026-06-07T23:19:43.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53076 (GCVE-0-2025-53076)

    Vulnerability from nvd – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:32
    VLAI
    Summary
    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:10:13.051455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:03.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:48:25.071Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/573"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53076",
        "datePublished": "2025-06-30T01:48:25.071Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:32:03.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53074 (GCVE-0-2025-53074)

    Vulnerability from nvd – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:31
    VLAI
    Summary
    Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:09:55.839672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:31:56.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:48:54.197Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53074",
        "datePublished": "2025-06-30T01:48:54.197Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:31:56.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53075 (GCVE-0-2025-53075)

    Vulnerability from nvd – Published: 2025-06-30 01:47 – Updated: 2025-06-30 13:53
    VLAI
    Summary
    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:53:25.647386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:53:37.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:47:05.766Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53075",
        "datePublished": "2025-06-30T01:47:05.766Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:53:37.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0634 (GCVE-0-2025-0634)

    Vulnerability from nvd – Published: 2025-06-30 01:44 – Updated: 2026-01-22 18:06
    VLAI
    Summary
    Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Impacted products
    Vendor Product Version
    Samsung Open Source rLottie Affected: V0.2 (custom)
    Create a notification for this product.
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:55:08.968879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:55:23.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-01-22T18:06:37.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:44:57.595Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-0634",
        "datePublished": "2025-06-30T01:44:57.595Z",
        "dateReserved": "2025-01-22T06:51:23.085Z",
        "dateUpdated": "2026-01-22T18:06:37.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8916 (GCVE-0-2026-8916)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:44 – Updated: 2026-06-08 23:17
    VLAI
    Summary
    Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: dcfde72eae1b0464dc0dd760aec00ada6a148635
    Create a notification for this product.
    Credits
    Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:08:44.647755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:09:01.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "dcfde72eae1b0464dc0dd760aec00ada6a148635"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael DePlante (@izobashi) of TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\u003cp\u003eThis issue affects rlottie: before\u0026nbsp;dcfde72eae1b0464dc0dd760aec00ada6a148635.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\n\nThis issue affects rlottie: before\u00a0dcfde72eae1b0464dc0dd760aec00ada6a148635."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T23:17:11.160Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/589"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-8916",
        "datePublished": "2026-06-04T09:44:26.603Z",
        "dateReserved": "2026-05-19T05:50:17.177Z",
        "dateUpdated": "2026-06-08T23:17:11.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47318 (GCVE-0-2026-47318)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:43 – Updated: 2026-06-08 08:09
    VLAI
    Summary
    Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: ce72b35a7ad0dded03051d3aa0ef75321c3bd035
    Create a notification for this product.
    Credits
    Tomer Dricker (tomer.dricker@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47318",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:09:28.297915Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:09:41.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ce72b35a7ad0dded03051d3aa0ef75321c3bd035"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tomer Dricker (tomer.dricker@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\u003cp\u003eThis issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.\u003c/p\u003e"
                }
              ],
              "value": "Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers.\n\nThis issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T08:09:44.846Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/582"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47318",
        "datePublished": "2026-06-04T09:43:56.316Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-08T08:09:44.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47306 (GCVE-0-2026-47306)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:43 – Updated: 2026-06-08 00:31
    VLAI
    Summary
    Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: e2d19e3b150e0e4a9586fa90b56fd3061cc98945 (git)
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:15:14.252517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:16:26.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "e2d19e3b150e0e4a9586fa90b56fd3061cc98945",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads.\u003cp\u003eThis issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads.\n\nThis issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-231",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-231 Oversized Serialized Data Payloads"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T00:31:38.938Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/585"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47306",
        "datePublished": "2026-06-04T09:43:14.593Z",
        "dateReserved": "2026-05-19T02:40:40.158Z",
        "dateUpdated": "2026-06-08T00:31:38.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49510 (GCVE-0-2026-49510)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:41 – Updated: 2026-06-08 00:30
    VLAI
    Summary
    Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer overflow or wraparound
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 21292665023e5074b38254432716866d00f1985f
    Create a notification for this product.
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49510",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:17:06.252277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:17:22.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "21292665023e5074b38254432716866d00f1985f"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks.\u003cp\u003eThis issue affects rlottie:\u0026nbsp;before\u0026nbsp;21292665023e5074b38254432716866d00f1985f.\u003c/p\u003e"
                }
              ],
              "value": "Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks.\n\nThis issue affects rlottie:\u00a0before\u00a021292665023e5074b38254432716866d00f1985f."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-128",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-128 Integer Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer overflow or wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T00:30:49.807Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/592"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-49510",
        "datePublished": "2026-06-04T09:41:17.647Z",
        "dateReserved": "2026-06-01T01:41:22.546Z",
        "dateUpdated": "2026-06-08T00:30:49.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10305 (GCVE-0-2026-10305)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:40 – Updated: 2026-06-07 23:19
    VLAI
    Summary
    Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 223a2a41ba4f462e4abe767bebba49a366c9b9fd
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10305",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:17:56.750269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:18:08.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "223a2a41ba4f462e4abe767bebba49a366c9b9fd"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers.\u003cp\u003eThis issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers.\n\nThis issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:19:43.751Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/587"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-10305",
        "datePublished": "2026-06-04T09:40:26.586Z",
        "dateReserved": "2026-06-01T01:41:05.803Z",
        "dateUpdated": "2026-06-07T23:19:43.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47319 (GCVE-0-2026-47319)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:39 – Updated: 2026-06-08 05:31
    VLAI
    Summary
    Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory allocation with excessive size value
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd
    Create a notification for this product.
    Credits
    Feng Ning, Innora Security Research (feng@innora.ai)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:18:40.838007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:19:08.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Feng Ning, Innora Security Research (feng@innora.ai)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation.\u003cp\u003eThis issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.\u003c/p\u003e"
                }
              ],
              "value": "Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation.\n\nThis issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory allocation with excessive size value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T05:31:02.960Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/588"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47319",
        "datePublished": "2026-06-04T09:39:55.058Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-08T05:31:02.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47320 (GCVE-0-2026-47320)

    Vulnerability from cvelistv5 – Published: 2026-06-04 09:38 – Updated: 2026-06-07 23:35
    VLAI
    Summary
    Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of uninitialized pointer
    • CWE-674 - Uncontrolled Recursion
    References
    Impacted products
    Vendor Product Version
    Samsung Open Source rlottie Unaffected: eae37633fda13ac05b25c6c95aacea4bc33c80a3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-04T12:19:42.336040Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-04T12:20:28.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "eae37633fda13ac05b25c6c95aacea4bc33c80a3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads.\u003cp\u003eThis issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.\u003c/p\u003e"
                }
              ],
              "value": "Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads.\n\nThis issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            },
            {
              "capecId": "CAPEC-231",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-231 Oversized Serialized Data Payloads"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of uninitialized pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T23:35:51.061Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/593"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2026-47320",
        "datePublished": "2026-06-04T09:38:27.208Z",
        "dateReserved": "2026-05-19T05:50:23.979Z",
        "dateUpdated": "2026-06-07T23:35:51.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53074 (GCVE-0-2025-53074)

    Vulnerability from cvelistv5 – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:31
    VLAI
    Summary
    Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:09:55.839672Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:31:56.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:48:54.197Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53074",
        "datePublished": "2025-06-30T01:48:54.197Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:31:56.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53076 (GCVE-0-2025-53076)

    Vulnerability from cvelistv5 – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:32
    VLAI
    Summary
    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53076",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:10:13.051455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:32:03.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:48:25.071Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/573"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53076",
        "datePublished": "2025-06-30T01:48:25.071Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:32:03.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53075 (GCVE-0-2025-53075)

    Vulnerability from cvelistv5 – Published: 2025-06-30 01:47 – Updated: 2025-06-30 13:53
    VLAI
    Summary
    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    References
    Impacted products
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:53:25.647386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:53:37.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:47:05.766Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-53075",
        "datePublished": "2025-06-30T01:47:05.766Z",
        "dateReserved": "2025-06-24T23:17:22.556Z",
        "dateUpdated": "2025-06-30T13:53:37.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0634 (GCVE-0-2025-0634)

    Vulnerability from cvelistv5 – Published: 2025-06-30 01:44 – Updated: 2026-01-22 18:06
    VLAI
    Summary
    Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Impacted products
    Vendor Product Version
    Samsung Open Source rLottie Affected: V0.2 (custom)
    Create a notification for this product.
    Credits
    Meta Product Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T13:55:08.968879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T13:55:23.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-01-22T18:06:37.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "rLottie",
              "repo": "https://github.com/Samsung/rlottie",
              "vendor": "Samsung Open Source",
              "versions": [
                {
                  "status": "affected",
                  "version": "V0.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Meta Product Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
                }
              ],
              "value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T01:44:57.595Z",
            "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
            "shortName": "samsung.tv_appliance"
          },
          "references": [
            {
              "url": "https://github.com/Samsung/rlottie/pull/571"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "assignerShortName": "samsung.tv_appliance",
        "cveId": "CVE-2025-0634",
        "datePublished": "2025-06-30T01:44:57.595Z",
        "dateReserved": "2025-01-22T06:51:23.085Z",
        "dateUpdated": "2026-01-22T18:06:37.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }