EUVD-2026-30840
GHSA-rfr8-h3jx-53jv
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.
This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
AnalysisAI
Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all products, services, and applications using Samsung Escargot JavaScript engine (identify by commit 590345cc6258317c5da850d846ce6baaf2afc2d3 or earlier versions) and classify by risk exposure. Within 7 days: Restrict Escargot engine to execution of code from trusted sources only; implement process isolation and sandboxing for JavaScript execution contexts; disable the engine in non-critical workflows. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through t
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferenci
Share
External POC / Exploit Code
Leaving vuln.today