Skip to main content

Rlottie

5 CVEs product

Monthly

CVE-2026-15551 MEDIUM This Month

Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availability impact including potential crash or memory corruption. Exploitation requires local access, low privileges, user interaction, and high attack complexity, making this a lower-urgency finding despite the buffer overflow class. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog. The upstream fix is available as a GitHub pull request (#595), though a formally tagged patched release version has not been independently confirmed.

Integer Overflow Samsung Buffer Overflow Rlottie
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53076 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Information Disclosure Samsung Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53074 CRITICAL PATCH Act Now

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Samsung Information Disclosure Buffer Overflow Ubuntu Debian +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-53075 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Samsung Path Traversal Ubuntu Debian Rlottie
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0634 CRITICAL PATCH Act Now

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Samsung Use After Free Memory Corruption Denial Of Service Ubuntu +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM This Month

Integer overflow in Samsung's open-source rlottie animation rendering library leads to buffer overflow, with high availability impact including potential crash or memory corruption. Exploitation requires local access, low privileges, user interaction, and high attack complexity, making this a lower-urgency finding despite the buffer overflow class. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog. The upstream fix is available as a GitHub pull request (#595), though a formally tagged patched release version has not been independently confirmed.

Integer Overflow Samsung Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.

Information Disclosure Samsung Ubuntu +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.

Samsung Information Disclosure Buffer Overflow +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Samsung Path Traversal Ubuntu +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

Samsung Use After Free Memory Corruption +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy