CVE-2025-53076

Name: CVE-2025-53076
Description: Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| rlottie (PTS) | bullseye | 0.1+dfsg-2 | fixed |
| | bookworm | 0.1+dfsg-4 | fixed |
| | sid, trixie | 0.1+dfsg-4.2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| rlottie | source | (unstable) | (not affected) | | | |

Notes

- rlottie <not-affected> (Vulnerable code introduced later)
https://github.com/Samsung/rlottie/pull/573
Introduced with: https://github.com/Samsung/rlottie/commit/ee18d81c463df64052de3680366971cfdb179f4a
Fixed by: https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
