CVE-2026-41664
Integer Overflow in Samsung Open Source ONE Causes Memory Corruption
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Samsung TV & Appliance
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | one | to 1.30.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the memory copy size calculation within Samsung Open Source ONE. It occurs when handling large tensor shapes, which can cause the calculation of the memory size to overflow and result in invalid memory operations.
How can this vulnerability impact me? :
The integer overflow can lead to invalid memory operations, which may cause application crashes or potentially allow an attacker to execute arbitrary code or cause denial of service. The CVSS score indicates a moderate severity with possible impacts on confidentiality, integrity, and high impact on availability.