Description
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Published: 2026-05-19
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Escargot, the Samsung Open Source JavaScript engine, contains an out‑of‑bounds write that can corrupt memory and lead to buffer overflows. The flaw is identified as CWE‑787 and, if exploited, could allow an attacker to execute arbitrary code or crash the engine, thereby compromising the integrity of the host system.

Affected Systems

The vulnerability exists in the Escargot source at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. No formal product version numbers are listed; the issue applies to any build that includes this commit before the fix.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is considered high severity. The EPSS score is not available and it is not listed in the CISA KEV catalog. Attackers would need to deliver malicious JavaScript that triggers the out‑of‑bounds write; the precise attack vector is inferred from the nature of Escargot as a JavaScript engine, suggesting a local or browser‑based exploitation scenario.

Generated by OpenCVE AI on May 19, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch provided in pull request 1565, which updates the source to commit 590345cc6258317c5da850d846ce6baaf2afc2d3.
  • If the patch cannot be applied immediately, isolate the Escargot engine from untrusted scripts by restricting its use to controlled environments or by disabling JavaScript execution in public‑facing components.
  • Monitor Samsung's Escargot release notes and security advisories for updates, and verify that subsequent releases incorporate the fix.

Generated by OpenCVE AI on May 19, 2026 at 08:51 UTC.

Advisories

No advisories yet.

History

Tue, 19 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 19 May 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Escargot Out‑of‑Bounds Write Leading to Buffer Overflow |

Tue, 19 May 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Samsung Open Source; Samsung Open Source escargot |
| Vendors & Products | | Samsung Open Source; Samsung Open Source escargot |

Tue, 19 May 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-05-19T13:19:57.007Z

Reserved: 2026-05-19T02:40:40.159Z

Link: CVE-2026-47314

Vulnrichment

Updated: 2026-05-19T13:19:53.328Z

NVD

Status: Awaiting Analysis

Published: 2026-05-19T08:16:15.730

Modified: 2026-05-19T14:25:40.320

Link: CVE-2026-47314

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T09:00:06Z
