Description
Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers.

This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
Published: 2026-06-04
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds read (CWE-125) in the Samsung Open Source rlottie library: during processing of input, the code reads past the end of an allocated buffer. The CVSS v3.1 vector assigned by the CNA (C:N/I:L/A:H) rates the consequence as primarily availability, for example a crash of the process rendering the animation, with a low integrity impact and no confidentiality impact. An overread can in general also expose adjacent memory contents, but the assigned vector does not credit information disclosure for this issue.

Affected Systems

Samsung Open Source rlottie versions prior to commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd are affected. No other vendors or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS v3.1 base score of 6.1 (vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) classifies this as medium severity: local attack vector, low attack complexity, no privileges required, but user interaction required, with high availability and low integrity impact. EPSS information is unavailable, and the vulnerability is not listed in CISA KEV, so there is no current report of exploitation in the wild. The CNA does not describe the trigger; the realistic scenario is a user opening a crafted Lottie animation file (rlottie parses Lottie JSON) in an application that embeds the library, so an attacker needs only to get such a file in front of the user or into a content path the application renders.

Generated by OpenCVE AI on June 4, 2026 at 11:50 UTC.

Remediation

The CNA entry gives a fix boundary (the issue affects rlottie before commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd), but no vendor advisory, release note or workaround is linked from this page.

OpenCVE Recommended Actions

  • Upgrade rlottie to commit 223a2a41ba4f462e4abe767bebba49a366c9b9fd or newer, which the CNA gives as the first unaffected revision. No release tag is listed, so for vendored or submodule copies check the pinned commit in your build rather than a version string.
  • If an upgrade is not possible, audit the rlottie parsing paths your build uses and add explicit bounds checks on every read whose offset or count is derived from the input. The affected function is not named in the CNA data, so the diff of the fixed commit is the authoritative guide to where the check belongs.
  • Limit the source of Lottie files processed by the application to trusted, validated inputs to reduce the opportunity for an attacker to supply crafted data.
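The bounds check the first two actions ask for, shown as an added C++ illustration of the CWE-125 pattern. This is not rlottie's code and not the fixed function from CVE-2026-10305 (the CNA does not name it); the "frame table" layout is a constructed toy format (a 4-byte little-endian entry count followed by that many 2-byte little-endian entries), and the class and function names are assumptions. The unchecked variant is kept beside the hardened one only to make the missing check visible.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Illustration of CWE-125 and the bounds check that closes it. Not rlottie
// code. The frame-table format is constructed for this example (assumption):
// 4-byte LE entry count, then that many 2-byte LE entries.

// Cursor over an untrusted byte buffer. Every read verifies that the bytes it
// needs lie inside [pos_, size_) before dereferencing anything.
class BoundedReader {
public:
    BoundedReader(const uint8_t* data, size_t size)
        : data_(data), size_(size), pos_(0) {}

    std::optional<uint16_t> readU16() {
        if (!fits(2)) return std::nullopt;  // the check the unchecked code lacks
        uint16_t v = static_cast<uint16_t>(
            data_[pos_] | (static_cast<uint16_t>(data_[pos_ + 1]) << 8));
        pos_ += 2;
        return v;
    }

    std::optional<uint32_t> readU32() {
        if (!fits(4)) return std::nullopt;
        uint32_t v = 0;
        for (size_t i = 0; i < 4; ++i)
            v |= static_cast<uint32_t>(data_[pos_ + i]) << (8 * i);
        pos_ += 4;
        return v;
    }

    size_t remaining() const { return size_ - pos_; }

private:
    // pos_ never exceeds size_, so the subtraction cannot wrap.
    bool fits(size_t n) const { return n <= size_ - pos_; }
    const uint8_t* data_;
    size_t size_;
    size_t pos_;
};

// Vulnerable pattern, kept only for contrast: the entry count comes straight
// from the input and drives the loop without ever being compared to `size`.
// A header claiming more entries than the payload holds makes the loop read
// past the end of `data` (an out-of-bounds read). Never call this on
// untrusted input.
uint32_t sumFramesUnchecked(const uint8_t* data, size_t /*size: ignored, which is the bug*/) {
    uint32_t count = 0;
    for (size_t i = 0; i < 4; ++i)
        count |= static_cast<uint32_t>(data[i]) << (8 * i);
    uint32_t sum = 0;
    for (uint32_t i = 0; i < count; ++i)
        sum += data[4 + 2 * i] | (static_cast<uint32_t>(data[5 + 2 * i]) << 8);
    return sum;
}

// Hardened version: the claimed count is validated against the bytes actually
// present before the loop starts, and every read goes through BoundedReader,
// so a crafted header is rejected instead of driving reads beyond the buffer.
std::optional<uint32_t> sumFramesChecked(const uint8_t* data, size_t size) {
    BoundedReader r(data, size);
    std::optional<uint32_t> count = r.readU32();
    if (!count) return std::nullopt;                       // header truncated
    if (*count > r.remaining() / 2) return std::nullopt;   // count not backed by payload
    uint32_t sum = 0;
    for (uint32_t i = 0; i < *count; ++i) {
        std::optional<uint16_t> v = r.readU16();
        if (!v) return std::nullopt;  // unreachable after the check above; defence in depth
        sum += *v;
    }
    return sum;
}

// Constructed sample inputs (not taken from any real file).
// Well-formed: count = 3, entries 1, 2, 3.
const std::vector<uint8_t> kGoodTable = {3, 0, 0, 0, 1, 0, 2, 0, 3, 0};
// Crafted: header claims 1000 entries (0x03E8) but only three follow.
const std::vector<uint8_t> kCraftedTable = {0xE8, 0x03, 0, 0, 1, 0, 2, 0, 3, 0};
// Truncated: count = 2 but the second entry is cut to one byte.
const std::vector<uint8_t> kTruncatedTable = {2, 0, 0, 0, 1, 0, 2};

int main() {
    bool ok = sumFramesUnchecked(kGoodTable.data(), kGoodTable.size()) == 6 &&
              sumFramesChecked(kGoodTable.data(), kGoodTable.size()) == std::optional<uint32_t>(6) &&
              !sumFramesChecked(kCraftedTable.data(), kCraftedTable.size()) &&
              !sumFramesChecked(kTruncatedTable.data(), kTruncatedTable.size());
    return ok ? 0 : 1;
}
```

Built with -fsanitize=address, a call to sumFramesUnchecked on kCraftedTable is reported as a heap-buffer-overflow read, which is how overreads of this kind are usually found during fuzzing; sumFramesChecked returns nullopt for the same bytes and never touches memory past the buffer. The key is that the validation happens once, against the real buffer length, before the count is used as a loop bound, and that the per-read check in BoundedReader backstops any path that bypasses it.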

Generated by OpenCVE AI on June 4, 2026 at 11:50 UTC.


Advisories

No advisories yet.

History

Thu, 04 Jun 2026 12:15:00 +0000

  Type   Values Removed   Values Added
  Title  (none)           Out-of-Bounds Read in Samsung Open Source rlottie Leading to Buffer Overread

Thu, 04 Jun 2026 10:00:00 +0000

  Type         Values Removed   Values Added
  Description  (none)           Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
  Weaknesses   (none)           CWE-125
  References   (none)           (none listed)
  Metrics      (none)           cvssV3_1: score 6.1, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H



MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-06-04T09:40:26.586Z

Reserved: 2026-06-01T01:41:05.803Z

Link: CVE-2026-10305

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-04T10:16:37.570

Modified: 2026-06-04T10:16:37.570

Link: CVE-2026-10305

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T12:00:12Z

Weaknesses