Rlottie
Monthly
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availability impact including potential crash or memory corruption. Exploitation requires local access, low privileges, user interaction, and high attack complexity, making this a lower-urgency finding despite the buffer overflow class. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog. The upstream fix is available as a GitHub pull request (#595), though a formally tagged patched release version has not been independently confirmed.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availability impact including potential crash or memory corruption. Exploitation requires local access, low privileges, user interaction, and high attack complexity, making this a lower-urgency finding despite the buffer overflow class. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog. The upstream fix is available as a GitHub pull request (#595), though a formally tagged patched release version has not been independently confirmed.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.