Skip to main content

Samsung rlottie EUVDEUVD-2026-34233

| CVE-2026-47319 MEDIUM
Memory Allocation with Excessive Size Value (CWE-789)
2026-06-04 samsung.tv_appliance GHSA-5j7g-c464-cj57
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 04, 2026 - 10:22 vuln.today
Analysis Generated
Jun 04, 2026 - 10:22 vuln.today

DescriptionCVE.org

Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation.

This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.

AnalysisAI

Uncontrolled memory allocation in Samsung Open Source rlottie allows a local attacker to trigger excessive heap allocation by supplying a crafted Lottie animation file containing polygon or polystar shape elements with arbitrarily large point counts. Affected are all rlottie versions prior to commit 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. An attacker who can cause a user to open a malicious .lottie or .json animation - in any application embedding the rlottie library - can achieve a high-severity denial-of-service and a minor integrity impact, consistent with the CVSS A:H/I:L scoring. No public exploit code exists and no CISA KEV listing is present at time of analysis.

Technical ContextAI

rlottie is an open-source C++ library by Samsung (cpe:2.3:a:samsung_open_source:rlottie:*:*:*:*:*:*:*:*) that renders Lottie animation files - a JSON-based vector animation format - widely embedded in mobile apps, smart TV UIs, and desktop frameworks. The vulnerable code resides in src/vector/vpath.cpp within the VPath::VPathData::addPolystar() and VPath::VPathData::addPolygon() methods. Both functions accept a floating-point points parameter that governs how many vertices are computed and allocated for polygon/polystar shapes. Prior to the fix, no upper bound was enforced on this value, mapping directly to CWE-789 (Memory Allocation with Excessive Size Value): the library trusts attacker-controlled input from an animation file to size heap allocations without validation. The fix (PR #588) caps points at a hard maximum of 1024.0f in both code paths before any allocation occurs.

RemediationAI

The upstream fix is available as GitHub PR #588 (https://github.com/Samsung/rlottie/pull/588), which introduces a compile-time constant MAX_POLY_POINTS = 1024.0f and clamps the points parameter in both addPolystar() and addPolygon() before allocation. Projects consuming rlottie as a vendored dependency should cherry-pick commit 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd into their build; a tagged release version incorporating this fix has not been independently confirmed from available data. As a compensating control where patching is not immediately feasible, restrict the application's ability to load Lottie animation files from untrusted or external sources - for example, whitelist animation assets to bundled, verified resources only, or add an application-layer schema validation step that rejects polygon/polystar elements with point counts exceeding a safe threshold (e.g., 1024) before passing the file to rlottie. This workaround adds parsing overhead and requires maintaining the validation logic separately from the library.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Share

EUVD-2026-34233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy