Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
18 vulnerabilities by Samsung Open Source
CVE-2026-40447 (GCVE-0-2026-40447)
Vulnerability from cvelistv5 – Published: 2026-04-13 05:06 – Updated: 2026-04-13 14:14
VLAI?
Summary
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
5.1 (Medium)
CWE
- CWE-190 - Integer overflow or wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T14:11:18.630511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:14:26.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer overflow or wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:39:52.897Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-40447",
"datePublished": "2026-04-13T05:06:38.362Z",
"dateReserved": "2026-04-13T04:23:34.943Z",
"dateUpdated": "2026-04-13T14:14:26.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40446 (GCVE-0-2026-40446)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:56 – Updated: 2026-04-13 18:06
VLAI?
Summary
Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
6.9 (Medium)
CWE
- CWE-843 - Access of resource using incompatible type ('type confusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:35:32.973519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T18:06:17.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Access of resource using incompatible type (\u0027type confusion\u0027) vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Access of resource using incompatible type (\u0027type confusion\u0027) vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of resource using incompatible type (\u0027type confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:40:07.424Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-40446",
"datePublished": "2026-04-13T04:56:09.635Z",
"dateReserved": "2026-04-13T04:23:34.942Z",
"dateUpdated": "2026-04-13T18:06:17.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25209 (GCVE-0-2026-25209)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:52 – Updated: 2026-04-13 13:09
VLAI?
Summary
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:09:40.874896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:09:49.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:41:09.937Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25209",
"datePublished": "2026-04-13T04:52:18.209Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T13:09:49.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25208 (GCVE-0-2026-25208)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:49 – Updated: 2026-04-13 13:10
VLAI?
Summary
Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
8.1 (High)
CWE
- CWE-190 - Integer overflow or wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:10:05.323492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:10:14.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer overflow or wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:40:56.305Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25208",
"datePublished": "2026-04-13T04:49:54.506Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T13:10:14.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25207 (GCVE-0-2026-25207)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:47 – Updated: 2026-04-13 13:16
VLAI?
Summary
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
7.4 (High)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:16:19.520281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:16:25.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:40:45.326Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25207",
"datePublished": "2026-04-13T04:47:52.290Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T13:16:25.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25206 (GCVE-0-2026-25206)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:44 – Updated: 2026-04-13 13:16
VLAI?
Summary
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
Severity ?
6.7 (Medium)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:16:49.823606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:16:57.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.\u003cp\u003eThis issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.\u003c/p\u003e"
}
],
"value": "Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:40:35.061Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25206",
"datePublished": "2026-04-13T04:44:33.446Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T13:16:57.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25205 (GCVE-0-2026-25205)
Vulnerability from cvelistv5 – Published: 2026-04-13 04:38 – Updated: 2026-04-13 13:17
VLAI?
Summary
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.This issue affects Escargot:commit hash
97e8115ab1110bc502b4b5e4a0c689a71520d335
.
Severity ?
7.4 (High)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
Credits
Sebastián Alba Vives / @Sebasteuo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T13:17:12.937454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:17:22.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sebasti\u00e1n Alba Vives / @Sebasteuo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.\u003cp\u003eThis issue affects Escargot:commit hash\u0026nbsp;\n\u003cspan\u003e97e8115ab1110bc502b4b5e4a0c689a71520d335\u003c/span\u003e\n\n.\u003c/p\u003e"
}
],
"value": "Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.This issue affects Escargot:commit hash\u00a0\n97e8115ab1110bc502b4b5e4a0c689a71520d335\n\n."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T05:40:23.465Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25205",
"datePublished": "2026-04-13T04:38:12.099Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T13:17:22.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25204 (GCVE-0-2026-25204)
Vulnerability from cvelistv5 – Published: 2026-04-13 00:47 – Updated: 2026-04-13 18:06
VLAI?
Summary
Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort.
This issue affects escarogt prior to commit hash
97e8115ab1110bc502b4b5e4a0c689a71520d335
Severity ?
6.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
97e8115ab1110bc502b4b5e4a0c689a71520d335
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:36:54.369644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T18:06:17.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eDeserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort.\u003c/div\u003e\u003cdiv\u003eThis issue affects escarogt prior to\u0026nbsp;commit hash \n\n\u003cspan\u003e97e8115ab1110bc502b4b5e4a0c689a71520d335\u003c/span\u003e\n\n\u003c/div\u003e"
}
],
"value": "Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort.\n\nThis issue affects escarogt prior to\u00a0commit hash \n\n97e8115ab1110bc502b4b5e4a0c689a71520d335"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of resource using incompatible type (\u0027type confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T01:55:39.805Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1554"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2026-25204",
"datePublished": "2026-04-13T00:47:31.806Z",
"dateReserved": "2026-01-30T06:07:11.090Z",
"dateUpdated": "2026-04-13T18:06:17.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53074 (GCVE-0-2025-53074)
Vulnerability from cvelistv5 – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:31
VLAI?
Summary
Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | rLottie |
Affected:
V0.2
|
Credits
Meta Product Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:09:55.839672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:31:56.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rLottie",
"repo": "https://github.com/Samsung/rlottie",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "V0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Meta Product Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T01:48:54.197Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/rlottie/pull/571"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53074",
"datePublished": "2025-06-30T01:48:54.197Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-06-30T13:31:56.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53076 (GCVE-0-2025-53076)
Vulnerability from cvelistv5 – Published: 2025-06-30 01:48 – Updated: 2025-06-30 13:32
VLAI?
Summary
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | rLottie |
Affected:
V0.2
|
Credits
Meta Product Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:10:13.051455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:03.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rLottie",
"repo": "https://github.com/Samsung/rlottie",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "V0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Meta Product Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T01:48:25.071Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/rlottie/pull/573"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53076",
"datePublished": "2025-06-30T01:48:25.071Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-06-30T13:32:03.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53075 (GCVE-0-2025-53075)
Vulnerability from cvelistv5 – Published: 2025-06-30 01:47 – Updated: 2025-06-30 13:53
VLAI?
Summary
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | rLottie |
Affected:
V0.2
|
Credits
Meta Product Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:53:25.647386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:53:37.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rLottie",
"repo": "https://github.com/Samsung/rlottie",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "V0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Meta Product Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T01:47:05.766Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/rlottie/pull/571"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-53075",
"datePublished": "2025-06-30T01:47:05.766Z",
"dateReserved": "2025-06-24T23:17:22.556Z",
"dateUpdated": "2025-06-30T13:53:37.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0634 (GCVE-0-2025-0634)
Vulnerability from cvelistv5 – Published: 2025-06-30 01:44 – Updated: 2026-01-22 18:06
VLAI?
Summary
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | rLottie |
Affected:
V0.2
(custom)
|
Credits
Meta Product Security
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:55:08.968879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:55:23.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-22T18:06:37.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rLottie",
"repo": "https://github.com/Samsung/rlottie",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "V0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Meta Product Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.\u003cp\u003eThis issue affects rLottie: V0.2.\u003c/p\u003e"
}
],
"value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T01:44:57.595Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/rlottie/pull/571"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2025-0634",
"datePublished": "2025-06-30T01:44:57.595Z",
"dateReserved": "2025-01-22T06:51:23.085Z",
"dateUpdated": "2026-01-22T18:06:37.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40754 (GCVE-0-2024-40754)
Vulnerability from cvelistv5 – Published: 2024-09-10 10:48 – Updated: 2024-09-18 22:42
VLAI?
Summary
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
4.0.0
|
Date Public ?
2024-09-10 05:15
Credits
Jeonil Ji, Sunghoon Jang
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:samsung_open_source:escargot:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "escargot",
"vendor": "samsung_open_source",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:32:27.116781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:34:24.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "JavaScript engine",
"product": "Escargot",
"repo": "https://github.com/Samsung/escargot/",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jeonil Ji, Sunghoon Jang"
}
],
"datePublic": "2024-09-10T05:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.\u003cp\u003eThis issue affects Escargot: 4.0.0.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T22:42:55.403Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1369"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2024-40754",
"datePublished": "2024-09-10T10:48:51.493Z",
"dateReserved": "2024-07-10T03:39:53.782Z",
"dateUpdated": "2024-09-18T22:42:55.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32671 (GCVE-0-2024-32671)
Vulnerability from cvelistv5 – Published: 2024-07-29 02:33 – Updated: 2024-08-02 02:13
VLAI?
Summary
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
4.0.0
|
Date Public ?
2024-07-23 09:34
Credits
Nao Kosaka
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:samsung:escargot:4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "escargot",
"vendor": "samsung",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T13:51:01.102464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T18:33:04.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Samsung/escargot/pull/1359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "JavaScript engine",
"product": "Escargot",
"repo": "https://github.com/Samsung/escargot/",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nao Kosaka"
}
],
"datePublic": "2024-07-23T09:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.\u003cp\u003eThis issue affects Escargot: 4.0.0.\u003c/p\u003e"
}
],
"value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T02:33:54.477Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1359"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2024-32671",
"datePublished": "2024-07-29T02:33:54.477Z",
"dateReserved": "2024-04-17T05:10:39.226Z",
"dateUpdated": "2024-08-02T02:13:40.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32673 (GCVE-0-2024-32673)
Vulnerability from cvelistv5 – Published: 2024-07-03 01:21 – Updated: 2024-08-16 06:40
VLAI?
Summary
Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.
This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.
Severity ?
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Walrus |
Unaffected:
0 , < 72c7230f32a0b791355bbdfc78669701024b0956
(git)
|
Date Public ?
2024-07-02 00:12
Credits
Sangwoo Park
Jeongmin Choi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:17:24.827920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T20:07:33.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Samsung/walrus/pull/241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Webassembly runtime engine",
"product": "Walrus",
"repo": "https://github.com/Samsung/walrus",
"vendor": "Samsung Open Source",
"versions": [
{
"lessThan": "72c7230f32a0b791355bbdfc78669701024b0956",
"status": "unaffected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sangwoo Park"
},
{
"lang": "en",
"type": "reporter",
"value": "Jeongmin Choi"
}
],
"datePublic": "2024-07-02T00:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\n\u003cp\u003eThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue.\n\nThis issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T06:40:46.571Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Samsung/walrus/pull/241"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2024-32673",
"datePublished": "2024-07-03T01:21:16.898Z",
"dateReserved": "2024-04-17T05:10:39.227Z",
"dateUpdated": "2024-08-16T06:40:46.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32672 (GCVE-0-2024-32672)
Vulnerability from cvelistv5 – Published: 2024-05-09 06:54 – Updated: 2024-08-02 02:13
VLAI?
Summary
A Segmentation Fault issue discovered in
Samsung Open Source Escargot JavaScript engine
allows remote attackers to cause a denial of service via crafted input.
This issue affects Escargot: 4.0.0.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
4.0.0
|
Date Public ?
2024-05-13 06:25
Credits
Pedro Batista
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T15:46:20.937765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:43.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Samsung/escargot/pull/1322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "JavaScript engine",
"product": "Escargot",
"repo": "https://github.com/Samsung/escargot/",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Pedro Batista"
}
],
"datePublic": "2024-05-13T06:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Segmentation Fault issue discovered in\n\n Samsung Open Source Escargot JavaScript engine\n\n allows remote attackers to cause a denial of service via crafted input.\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Escargot: 4.0.0.\u003c/p\u003e"
}
],
"value": "A Segmentation Fault issue discovered in\n\n Samsung Open Source Escargot JavaScript engine\n\n allows remote attackers to cause a denial of service via crafted input.\n\nThis issue affects Escargot: 4.0.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T06:54:10.130Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1322"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2024-32672",
"datePublished": "2024-05-09T06:54:10.130Z",
"dateReserved": "2024-04-17T05:10:39.227Z",
"dateUpdated": "2024-08-02T02:13:40.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32669 (GCVE-0-2024-32669)
Vulnerability from cvelistv5 – Published: 2024-05-09 06:02 – Updated: 2024-08-02 02:13
VLAI?
Title
Possible stack overflow due to a string encoding processing error
Summary
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers.
However, it occurs in the test code and does not include in the release.
This issue affects escargot: 4.0.0.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
4.0.0
|
Date Public ?
2024-05-01 01:56
Credits
Jeongmin Choi
Sangwoo Park
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:samsung_open_source:escargot:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "escargot",
"vendor": "samsung_open_source",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:34:09.355482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:10.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:40.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Samsung/escargot/pull/1326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"TestCode"
],
"packageName": "JavaScript engine",
"product": "Escargot",
"repo": "https://github.com/Samsung/escargot/",
"vendor": "Samsung Open Source",
"versions": [
{
"status": "affected",
"version": "4.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jeongmin Choi"
},
{
"lang": "en",
"type": "reporter",
"value": "Sangwoo Park"
}
],
"datePublic": "2024-05-01T01:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers.\u003cbr\u003eHowever, it occurs in the test code and does not include in the release.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects escargot: 4.0.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nImproper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers.\nHowever, it occurs in the test code and does not include in the release.\n\nThis issue affects escargot: 4.0.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T06:02:57.653Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1326"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible stack overflow due to a string encoding processing error",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2024-32669",
"datePublished": "2024-05-09T06:02:53.218Z",
"dateReserved": "2024-04-17T05:10:39.226Z",
"dateUpdated": "2024-08-02T02:13:40.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41268 (GCVE-0-2023-41268)
Vulnerability from cvelistv5 – Published: 2023-12-06 03:46 – Updated: 2024-12-02 15:04
VLAI?
Title
Possible stack overflow due to insufficient input validation
Summary
Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Open Source | Escargot |
Affected:
3.0.0 , ≤ 4.0.0
(git)
|
Date Public ?
2023-12-12 00:00
Credits
Android Sri
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Samsung/escargot/pull/1260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T15:03:57.071030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:04:06.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Escargot",
"repo": "https://github.com/Samsung/escargot/",
"vendor": "Samsung Open Source",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "3.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Android Sri"
}
],
"datePublic": "2023-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.\u0026nbsp;\u003cp\u003eThis issue affects Escargot: from 3.0.0 through 4.0.0.\u003c/p\u003e"
}
],
"value": "Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.\u00a0This issue affects Escargot: from 3.0.0 through 4.0.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T09:24:10.303Z",
"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"shortName": "samsung.tv_appliance"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Samsung/escargot/pull/1260"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Possible stack overflow due to insufficient input validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
"assignerShortName": "samsung.tv_appliance",
"cveId": "CVE-2023-41268",
"datePublished": "2023-12-06T03:46:16.110Z",
"dateReserved": "2023-08-28T08:40:10.107Z",
"dateUpdated": "2024-12-02T15:04:06.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}