Severity by source
Sources disagree (Low–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Analysis
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Technical ContextAI
Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'. This vulnerability is classified as Improper Input Validation (CWE-20).
RemediationAI
Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLotti
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availa
Same weakness CWE-20 – Improper Input Validation
View allSame technique Path Traversal
View allVendor StatusVendor
Ubuntu
Priority: Low| Release | Status | Version |
|---|---|---|
| plucky | ignored | end of life, was needs-triage |
| focal | released | 0~git20200305.a717479+dfsg-1ubuntu0.1~esm2 |
| jammy | released | 0.1+dfsg-2ubuntu0.2 |
| noble | released | 0.1+dfsg-4ubuntu1.1 |
| oracular | ignored | end of life, was needs-triage |
| questing | released | 0.1+dfsg-4.2ubuntu0.1 |
| upstream | released | - |
Debian
Bug #1109341| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.1+dfsg-2+deb11u1 | - |
| bullseye (security) | fixed | 0.1+dfsg-2+deb11u1 | - |
| bookworm | fixed | 0.1+dfsg-4+deb12u1 | - |
| trixie | fixed | 0.1+dfsg-4.2+deb13u1 | - |
| forky, sid | fixed | 0.1+dfsg-4.3 | - |
| (unstable) | fixed | 0.1+dfsg-4.3 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19504