Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Analysis
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Technical ContextAI
A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).
RemediationAI
Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLotti
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie:
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availa
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| plucky | ignored | end of life, was needs-triage |
| focal | released | 0~git20200305.a717479+dfsg-1ubuntu0.1~esm2 |
| jammy | released | 0.1+dfsg-2ubuntu0.2 |
| noble | released | 0.1+dfsg-4ubuntu1.1 |
| upstream | released | - |
| oracular | ignored | end of life, was needs-triage |
| questing | released | 0.1+dfsg-4.2ubuntu0.1 |
Debian
Bug #1109341| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.1+dfsg-2+deb11u1 | - |
| bullseye (security) | fixed | 0.1+dfsg-2+deb11u1 | - |
| bookworm | fixed | 0.1+dfsg-4+deb12u1 | - |
| trixie | fixed | 0.1+dfsg-4.2+deb13u1 | - |
| forky, sid | fixed | 0.1+dfsg-4.3 | - |
| (unstable) | fixed | 0.1+dfsg-4.3 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19505