Samsung Open Source rLottie Use-After-Free Vulnerability Allowing Remote Code Inclusion

Vulnerability

A use-after-free vulnerability has been identified in Samsung Open Source rLottie version 0.2, allowing for remote code inclusion. The flaw arises from inadequate validation when processing Lottie files; a maliciously crafted file could exploit it to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

To mitigate this issue, users can update to the latest version of rLottie, where this vulnerability has been addressed.

Added: Jun 30, 2025, 2:30 AM
Updated: Jun 30, 2025, 2:30 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.