Description
Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers.

This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.
Published: 2026-06-04
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Stack-based buffer overflow (CWE-121) in Samsung Open Source rlottie. The flaw lies in the library's handling of Lottie animation data: a crafted animation can make rlottie write past the end of a fixed-size stack buffer and overwrite adjacent stack memory. In the worst case this gives arbitrary code execution inside the process that renders the animation; more commonly it crashes that process. The assigned CVSS v3.1 vector (C:N/I:L/A:H) rates the impact as no loss of confidentiality, limited loss of integrity, and high loss of availability.
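As an added illustration (not rlottie's code, and not the code path fixed in commit ce72b35a7ad0dded03051d3aa0ef75321c3bd035), the C below shows the generic shape of a CWE-121 defect in a renderer that copies a variable-length field from untrusted animation data into a fixed-size stack buffer, beside the bounded version. The record layout (one length byte followed by that many name bytes), the function names and the sample records are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustration of the CWE-121 bug class, added for this page. It is not
 * rlottie's code and does not reproduce the fixed code path; the record
 * layout (one length byte followed by that many name bytes) is an assumption
 * made so the example can run on constructed input. */

#define NAME_MAX 32   /* fixed-size stack buffer, the overflow target */

/* Vulnerable shape: the length comes from the input and is never compared
 * with the destination buffer. A record declaring len > NAME_MAX makes
 * memcpy() write past `name` into whatever the compiler placed above it
 * (saved registers, return address, other locals). Only call this with
 * in-range records; with an oversize record the behaviour is undefined. */
int read_name_vulnerable(const uint8_t *rec, size_t rec_len,
                         char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (rec_len < 1)
        return -1;
    size_t len = rec[0];
    memcpy(name, rec + 1, len);   /* CWE-121: no bound on len */
    name[len] = '\0';             /* also one past the end when len == NAME_MAX */
    snprintf(out, out_len, "%s", name);
    return 0;
}

/* Hardened shape: reject a record whose declared length does not fit the
 * stack buffer (leaving room for the terminator) or exceeds the bytes that
 * are actually present, before any copy takes place. */
int read_name_safe(const uint8_t *rec, size_t rec_len,
                   char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len >= sizeof name)        /* would not leave room for NUL */
        return -2;
    if (len + 1 > rec_len)         /* declared length exceeds record */
        return -3;
    memcpy(name, rec + 1, len);
    name[len] = '\0';
    snprintf(out, out_len, "%s", name);
    return 0;
}

/* Build a record from a name; returns the record length or 0 on failure. */
size_t make_record(uint8_t *buf, size_t buf_len, const char *name, size_t name_len)
{
    if (name_len > 255 || name_len + 1 > buf_len)
        return 0;
    buf[0] = (uint8_t)name_len;
    memcpy(buf + 1, name, name_len);
    return name_len + 1;
}

/* Constructed inputs used by the checks below. */
static const uint8_t kGoodRecord[] = { 6, 'l', 'a', 'y', 'e', 'r', '0' };
static char g_out[64];

/* Runs the three cases a reviewer cares about and returns 0 if all behave:
 * a well-formed record is accepted, an oversize declared length is rejected,
 * and a declared length larger than the data present is rejected. */
int check_record_handling(void)
{
    uint8_t rec[300];
    char big[200];
    memset(big, 'A', sizeof big);

    if (read_name_safe(kGoodRecord, sizeof kGoodRecord, g_out, sizeof g_out) != 0
        || strcmp(g_out, "layer0") != 0)
        return 1;

    size_t n = make_record(rec, sizeof rec, big, sizeof big);
    if (n != sizeof big + 1 || read_name_safe(rec, n, g_out, sizeof g_out) != -2)
        return 2;

    rec[0] = 10;                      /* claims 10 bytes, only 3 given */
    if (read_name_safe(rec, 3, g_out, sizeof g_out) != -3)
        return 3;
    return 0;
}

int main(void)
{
    printf("checks: %s\n", check_record_handling() == 0 ? "ok" : "FAILED");
    return 0;
}
```

Feeding the 200-byte record from `check_record_handling` to `read_name_vulnerable` instead of `read_name_safe` is the overflow: built with `-fsanitize=address` it is reported as a stack-buffer-overflow, and with `-fstack-protector` the clobbered canary aborts the process, which is the availability impact the CVSS vector records. Neither compiler mitigation removes the bug; the bound check before the copy does.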

Affected Systems

Samsung Open Source rlottie at any revision before commit ce72b35a7ad0dded03051d3aa0ef75321c3bd035. Any application, device firmware, or SDK that embeds an earlier rlottie and renders Lottie animations is affected until it is rebuilt against the fixed revision. Where rlottie is bundled into an application build rather than taken from a system package, each bundled copy has to be updated and verified separately.

Risk and Exploitability

The CVSS v3.1 base score is 6.1 (Medium) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H: local attack vector, low attack complexity, no privileges required, but user interaction needed, with limited integrity impact and high availability impact. EPSS is below 1% (Very Low), the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no. The realistic attack path is an attacker supplying a crafted Lottie animation to a vulnerable application; the user-interaction requirement corresponds to the victim opening or viewing that content. No public exploit is known, so the current exploitation risk is moderate, but stack corruption reachable from untrusted input warrants timely remediation wherever animations from untrusted sources are rendered.

Generated by OpenCVE AI on June 4, 2026 at 12:50 UTC.

Remediation

No separate vendor advisory or workaround is published. The CVE record fixes the affected range as rlottie before commit ce72b35a7ad0dded03051d3aa0ef75321c3bd035, so that commit is the reference point for an updated build.

OpenCVE Recommended Actions

  • Apply the patch from the Samsung rlottie PR #582 by updating the library source to commit ce72b35a7ad0dded03051d3aa0ef75321c3bd035 or a later release that includes this fix.
  • Recompile and deploy the updated rlottie library to all affected applications and firmware components, replacing any binaries that contain the older, vulnerable code; confirm that the fix commit is an ancestor of the revision each build is taken from rather than relying on a version string.
  • Restrict the processing of Lottie files to trusted sources or implement sandboxing of applications that consume animations to contain potential exploitation.


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type: First Time appeared
Values Added: Samsung Open Source; Samsung Open Source rlottie

Type: Vendors & Products
Values Added: Samsung Open Source; Samsung Open Source rlottie

Thu, 04 Jun 2026 13:15:00 +0000

Type: Title
Values Added: Stack-Based Buffer Overflow in Samsung Open Source rlottie Library

Thu, 04 Jun 2026 12:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 10:00:00 +0000

Type: Description
Values Added: Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.

Type: Weaknesses
Values Added: CWE-121

Type: References
Values Added: (none listed)

Type: Metrics
Values Added: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-06-08T08:09:44.846Z

Reserved: 2026-05-19T05:50:23.979Z

Link: CVE-2026-47318

Vulnrichment

Updated: 2026-06-04T12:09:34.044Z

NVD

Status: Deferred

Published: 2026-06-04T10:16:39.057

Modified: 2026-06-04T15:27:23.470

Link: CVE-2026-47318

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:08:26Z

Weaknesses
  • CWE-121: Stack-based Buffer Overflow