Package: rlottie X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for rlottie. CVE-2025-0634[0]: | Use After Free vulnerability in Samsung Open Source rLottie allows | Remote Code Inclusion.This issue affects rLottie: V0.2. https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9 CVE-2025-53074[1]: | Out-of-bounds Read vulnerability in Samsung Open Source rLottie | allows Overflow Buffers.This issue affects rLottie: V0.2. https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9 CVE-2025-53075[2]: | Improper Input Validation vulnerability in Samsung Open Source | rLottie allows Path Traversal.This issue affects rLottie: V0.2. https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-0634 https://www.cve.org/CVERecord?id=CVE-2025-0634 [1] https://security-tracker.debian.org/tracker/CVE-2025-53074 https://www.cve.org/CVERecord?id=CVE-2025-53074 [2] https://security-tracker.debian.org/tracker/CVE-2025-53075 https://www.cve.org/CVERecord?id=CVE-2025-53075 Please adjust the affected versions in the BTS as needed.
