6.1
CVE-2026-47306
- EPSS 0.1%
- Veröffentlicht 04.06.2026 09:43:14
- Zuletzt bearbeitet 04.06.2026 15:27:23
- Quelle PSIRT@samsung.com
- CVE-Watchlists
- Unerledigt
Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSamsung Open Source
≫
Produkt
rlottie
Default Statusaffected
Version
e2d19e3b150e0e4a9586fa90b56fd3061cc98945
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.012 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| PSIRT@samsung.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://github.com/Samsung/rlottie/pull/585