CVE-2026-15551 PUBLISHED

Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Assigner: samsung.tv_appliance
Reserved: 12.07.2026 Published: 13.07.2026 Updated: 13.07.2026

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers.

This issue affects .

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H
CVSS Score: 5.5

Product Status

Vendor Samsung Open Source
Product rlottie
Versions Default: unaffected
  • Version bf689b72b8482c5ea674235854bd11b6d1b42588 is unaffected

References

Problem Types

  • CWE-190 Integer overflow or wraparound CWE

Impacts

  • CAPEC-100 Overflow Buffers