Skip to main content

Samsung Escargot CVE-2026-58303

| EUVDEUVD-2026-42571 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-07-09 samsung.tv_appliance GHSA-95xm-4789-hr5f
6.1
CVSS 3.1 · Vendor: samsung.tv_appliance
Share

Severity by source

Vendor (samsung.tv_appliance) PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
vuln.today AI
6.1 MEDIUM

Local vector with user interaction reflects JS engine processing user-supplied scripts; PR:N as no OS credentials needed; A:H for reliable crash, I:L for stack corruption, C:N as no data exposure.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (samsung.tv_appliance).

CVSS VectorVendor: samsung.tv_appliance

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 12:07 vuln.today

DescriptionCVE.org

Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.

This issue affects Escargot: before b30b63fc63b403907d8137da1c65aaa4521fe74e.

AnalysisAI

Stack-based buffer overflow in Samsung's Escargot JavaScript engine enables local attackers to crash the engine or corrupt stack memory by supplying malicious JavaScript input, requiring user interaction to trigger. All Escargot releases prior to commit b30b63fc63b403907d8137da1c65aaa4521fe74e are affected, with impacts including high availability loss and limited integrity compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious JavaScript payload
Exploit
Deliver to local Escargot-based application
Execution
Trigger stack buffer overflow during JS parsing or execution
Impact
Corrupt stack memory causing engine crash (DoS) or limited integrity impact

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to a device running Escargot and user interaction - specifically, a user or local process must actively supply or trigger execution of a malicious JavaScript payload through the Escargot engine. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.1 (Medium) is consistent with the constrained attack surface: AV:L limits exploitation to local context, AC:L indicates no special race conditions or configurations are needed once local access is achieved, and UI:R means passive or silent exploitation is not possible - a user or process must actively supply malicious JavaScript. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious JavaScript file containing input designed to overflow a stack buffer during Escargot's parsing or execution phase - for example, an abnormally large string, deeply nested object literal, or specially structured bytecode. The malicious script is delivered to a Samsung TV or appliance where Escargot processes it, either through a user-opened local file or an application that feeds external content to the engine. …
Remediation The upstream fix is available via GitHub pull request #1585 (https://github.com/Samsung/escargot/pull/1585), which introduces the corrected code at commit b30b63fc63b403907d8137da1c65aaa4521fe74e. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58303 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy