Skip to main content

Ubuntu CVE-2025-0634

| EUVDEUVD-2025-19505 CRITICAL
Use After Free (CWE-416)
2025-06-30 PSIRT@samsung.com
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 01:25 euvd
EUVD-2025-19505
Analysis Generated
Mar 16, 2026 - 01:25 vuln.today
CVE Published
Jun 30, 2025 - 02:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Analysis

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Technical ContextAI

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).

RemediationAI

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

Vendor StatusVendor

Ubuntu

Priority: Medium
rlottie
Release Status Version
plucky ignored end of life, was needs-triage
focal released 0~git20200305.a717479+dfsg-1ubuntu0.1~esm2
jammy released 0.1+dfsg-2ubuntu0.2
noble released 0.1+dfsg-4ubuntu1.1
upstream released -
oracular ignored end of life, was needs-triage
questing released 0.1+dfsg-4.2ubuntu0.1

Debian

Bug #1109341
rlottie
Release Status Fixed Version Urgency
bullseye fixed 0.1+dfsg-2+deb11u1 -
bullseye (security) fixed 0.1+dfsg-2+deb11u1 -
bookworm fixed 0.1+dfsg-4+deb12u1 -
trixie fixed 0.1+dfsg-4.2+deb13u1 -
forky, sid fixed 0.1+dfsg-4.3 -
(unstable) fixed 0.1+dfsg-4.3 -

Share

CVE-2025-0634 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy