CVE-2026-47319
A flaw was found in rlottie, an open-source library for rendering Lottie animations. A remote attacker could exploit this vulnerability by providing a specially crafted input that leads to excessive memory allocation. This excessive allocation can cause resource exhaustion, resulting in a Denial ...
UBUNTU-CVE-2026-10305
Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd...
UBUNTU-CVE-2026-47306
Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...
UBUNTU-CVE-2026-8916
Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...
CVE-2026-47306
Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...
PT-2026-46168
Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945...
USN-8058-1 rlottie vulnerabilities
It was discovered that rlottie did not properly handle certain inputs. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code...
EUVD-2021-18228
Malware in sbrugna...
EUVD-2021-18225
Malware in sbrugna...
Advisory ROSA-SA-2025-2987
software: rlottie 0.2 WASP: ROSA-CHROME unaffected versions = rlottie-0.2-4 affected versions rlottie-0.2-4 CVE-ID: CVE-2025-53074 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Samsung Open Source rLottie - out-of-bounds read vulnerability allows buffers to overflow. CVE-STATUS: Vulnerability has be...
UBUNTU-CVE-2025-53076
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2...
Ubuntu 20.04 LTS / 22.04 LTS : rlottie vulnerabilities (USN-7198-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7198-1 advisory. Paolo Giai discovered a series of stack-based overflow vulnerabilities in the blit and grayrendercubic functions of a custom fork of the...
The vulnerability of the VDasher constructor in the Lottie playback library, related to data type conversion errors, allows attackers to access confidential data.
The vulnerability of the VDasher compiler’s Lottie animation playback library Rlottie is related to data type conversion errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a malicious animated sticker...
Telegram Integer Overflow Vulnerability
Telegram is an instant messaging mobile application. An integer overflow vulnerability exists in the custom derived function LOTGradient::populate of the rlottie library in Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can...
Telegram heap buffer overflow vulnerability (CNVD-2021-38309)
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived function LOTGradient::populate of the rlottie library in Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can...
Telegram Stack Overflow Vulnerability (CNVD-2021-38308)
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived graysplitcubic function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this...
Telegram Type Obfuscation Vulnerability
Telegram is an instant messaging mobile application. Telegram versions prior to 7.1.0 2090 for Android, 7.1 for iOS, and 7.1 for macOS are subject to a type obfuscation vulnerability in the custom derived VDasher constructor function of the rlottie library. An attacker can exploit this...
Telegram Stack Overflow Vulnerability
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom derived blit function of the Rlottie library in Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1. An attacker can exploit this vulnerabili...
Telegram Type Obfuscation Vulnerability (CNVD-2021-38311)
Telegram is an instant messaging mobile application. Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior to 7.1 are subject to a type confusion vulnerability in the LOTCompLayerItem::LOTCompLayerItem function, which is a custom derivative of the rlott...
Telegram Heap Buffer Overflow Vulnerability
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived VGradientCache::generateGradientColorTable function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior t...