Skip to main content

Samsung Escargot CVE-2026-47312

| EUVDEUVD-2026-30848 MEDIUM
Release of Invalid Pointer or Reference (CWE-763)
2026-05-19 samsung.tv_appliance GHSA-3hmv-xgq6-6pp3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 08:32 vuln.today
Analysis Generated
May 19, 2026 - 08:32 vuln.today

DescriptionCVE.org

Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.

This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

AnalysisAI

Denial-of-service via invalid pointer dereference in Samsung Open Source Escargot JavaScript engine affects the specific commit 590345cc6258317c5da850d846ce6baaf2afc2d3, allowing a locally-present attacker to crash the runtime through crafted JavaScript. The root cause (CWE-763) involves unconditional dereference of a potentially invalid or null error pointer in the resultOrErrorToString path, triggerable via nested eval/throw/finally patterns that induce GC allocation during exception handling. No public exploit code exists and no CISA KEV listing is present at time of analysis.

Technical ContextAI

Escargot is a lightweight JavaScript engine developed by Samsung Open Source, designed for embedded platforms including smart TVs and appliances (reporter: samsung.tv_appliance). CWE-763 describes the release or use of an invalid memory reference. The primary defect, visible in PR #1565 diff of EscargotPublic.cpp, is that resultOrErrorToString unconditionally casts and dereferences error.value() as a ValueRef* without first validating it - a situation that arises in edge cases where a nested eval with throw inside a finally block triggers a GC allocation, leaving the error slot in an invalid or null state. Secondary fixes in the same PR address a related integer underflow in BuiltinTypedArray.cpp's copyWithin implementation (buffer resize during argument coercion can yield negative values that underflow when cast to size_t), unsafe fast-mode array state assumptions in ByteCodeInterpreter.cpp, coercion-order bugs in DataViewObject.h, and an OOM abort handler in Heap.cpp. CPE cpe:2.3:a:samsung_open_source:escargot:*:*:*:*:*:*:*:* covers the Samsung Open Source Escargot product line broadly; the advisory narrows the confirmed affected artifact to the named commit.

RemediationAI

The upstream fix is available via GitHub Pull Request #1565 at https://github.com/Samsung/escargot/pull/1565. A versioned, tagged release incorporating this fix has not been independently confirmed - the patch exists as an upstream PR/commit only, and no released patched version is cited in the advisory. Organizations embedding Escargot should update their Escargot dependency to a commit at or after the merge of PR #1565 and rebuild affected firmware or application packages. As a compensating control prior to patching, restrict the Escargot runtime from executing untrusted or externally-supplied JavaScript; in Samsung appliance contexts this may mean disabling or sandboxing user-accessible scripting surfaces. No additional vendor advisory URL is available beyond the GitHub PR reference.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Share

CVE-2026-47312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy