Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
Analysis
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
Technical ContextAI
An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).
RemediationAI
Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLotti
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie:
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availa
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| focal | released | 0~git20200305.a717479+dfsg-1ubuntu0.1~esm2 |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| jammy | released | 0.1+dfsg-2ubuntu0.2 |
| noble | released | 0.1+dfsg-4ubuntu1.1 |
| questing | released | 0.1+dfsg-4.2ubuntu0.1 |
| upstream | released | - |
Debian
Bug #1109341| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.1+dfsg-2+deb11u1 | - |
| bullseye (security) | fixed | 0.1+dfsg-2+deb11u1 | - |
| bookworm | fixed | 0.1+dfsg-4+deb12u1 | - |
| trixie | fixed | 0.1+dfsg-4.2+deb13u1 | - |
| forky, sid | fixed | 0.1+dfsg-4.3 | - |
| (unstable) | fixed | 0.1+dfsg-4.3 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19537