Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Analysis
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Technical ContextAI
This vulnerability is classified as Improper Input Validation (CWE-20).
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie:
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availa
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.1+dfsg-2 | - |
| bullseye (security) | fixed | 0.1+dfsg-2+deb11u1 | - |
| bookworm | fixed | 0.1+dfsg-4+deb12u1 | - |
| trixie | fixed | 0.1+dfsg-4.2+deb13u1 | - |
| forky, sid | fixed | 0.1+dfsg-4.3 | - |
| (unstable) | not-affected | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19536