CVE-2026-49510
Deferred Deferred - Pending Action
Integer Overflow in Samsung rlottie Library

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: Samsung TV & Appliance

Description
Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie:Β beforeΒ 21292665023e5074b38254432716866d00f1985f.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-49510
EUVD
EUVD-2026-34235
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
samsung rlottie to 21292665023e5074b38254432716866d00f1985f (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer overflow issue in the Samsung Open Source rlottie library, specifically in the Gradient::populate() function. When untrusted JSON input provides a colorPoints value that is very large (greater than or equal to 0x40000000), multiplying this value by 4 causes an integer overflow. This overflow results in the calculation wrapping around to zero, which bypasses the bounds check and leads to a heap buffer over-read during gradient rendering.

Impact Analysis

The integer overflow can cause a heap buffer over-read, which may lead to application crashes or potentially allow an attacker to read sensitive memory contents. According to the CVSS score (6.1), the impact includes low integrity and high availability impact, meaning the vulnerability could disrupt the normal operation of the application and possibly allow unauthorized modification of data.

Detection Guidance

This vulnerability arises from a signed integer overflow in the Gradient::populate() function when processing untrusted JSON input with a specific field (g.p) set to very large values. Detection would involve monitoring or analyzing inputs to the rlottie library, especially JSON data that includes the colorPoints or g.p field with values greater than or equal to 0x40000000.

Since the issue is triggered by specific input values causing integer overflow, detection on a system could involve:

  • Reviewing logs or application inputs for unusually large values in the g.p field of JSON data processed by rlottie.
  • Using debugging or instrumentation tools to monitor calls to the Gradient::populate() function for suspicious parameter values.

There are no explicit commands provided in the resources to detect this vulnerability automatically.

Mitigation Strategies

The vulnerability was fixed by a patch that addresses the integer overflow in the Gradient::populate() function by properly handling large values in the colorPoints field.

Immediate mitigation steps include:

  • Update rlottie to the fixed version that includes the patch from the referenced pull request.
  • If updating is not immediately possible, restrict or sanitize untrusted JSON inputs to ensure the g.p field does not contain values greater than or equal to 0x40000000.
  • Monitor applications using rlottie for unusual crashes or behavior that might indicate exploitation attempts.
Compliance Impact

The provided information does not specify how the integer overflow vulnerability in Samsung Open Source rlottie impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49510. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart