Uncontrolled Recursion Vulnerability in Samsung's Open Source rlottie
CVE-2026-47320

6.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 4 June 2026

What is CVE-2026-47320?

An uncontrolled recursion vulnerability in Samsung's open source rlottie library enables pointer manipulation, leading to potential exploitation through oversized serialized data payloads. The issue arises from access to uninitialized pointers, which may result in unexpected behavior within the software. Users and developers of rlottie should take immediate steps to review and mitigate this risk by updating to the latest secure version.

Affected Version(s)

rlottie eae37633fda13ac05b25c6c95aacea4bc33c80a3

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
