6.1
CVE-2026-47320
- EPSS 0.1%
- Veröffentlicht 04.06.2026 09:38:27
- Zuletzt bearbeitet 04.06.2026 15:27:23
- Quelle PSIRT@samsung.com
- CVE-Watchlists
- Unerledigt
Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSamsung Open Source
≫
Produkt
rlottie
Default Statusaffected
Version
eae37633fda13ac05b25c6c95aacea4bc33c80a3
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.012 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| PSIRT@samsung.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.
https://github.com/Samsung/rlottie/pull/593