CVE-2026-47320 PUBLISHED

Assigner: samsung.tv_appliance
Reserved: 19.05.2026 Published: 04.06.2026 Updated: 04.06.2026

Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads.

This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVSS Score: 6.1

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Samsung Open Source
Product	rlottie
Versions	Default: unaffected Version eae37633fda13ac05b25c6c95aacea4bc33c80a3 is unaffected

References

https://github.com/Samsung/rlottie/pull/593

Problem Types

CWE-824 Access of uninitialized pointer CWE
CWE-674 Uncontrolled Recursion CWE

Impacts

CAPEC-129 Pointer Manipulation
CAPEC-231 Oversized Serialized Data Payloads