PatchSiren cyber security CVE debrief
CVE-2026-10305 Samsung Open Source CVE debrief
CVE-2026-10305 is an out-of-bounds read vulnerability in Samsung Open Source rlottie that allows buffer over-reads. The issue affects rlottie before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. It has a CVSS score of 6.1 and a severity of MEDIUM.
- Vendor: Samsung Open Source
- Product: rlottie
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Developers and users of Samsung Open Source rlottie, especially those using versions before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
Technical summary
The flaw is an out-of-bounds read in the rlottie library: the library can read past the end of a buffer (a buffer over-read). The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H.
Defensive priority
MEDIUM
Recommended defensive actions
- Update rlottie to version 223a2a41ba4f462e4abe767bebba49a366c9b9fd or later.
- Refer to [ref-4](https://github.com/Samsung/rlottie/pull/587) for more information.
Evidence notes
The CVE record for CVE-2026-10305 can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-10305). The NVD detail for this vulnerability is available at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-10305).
Official resources
- CVE-2026-10305 CVE record (CVE.org)
- CVE-2026-10305 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-10305 was published on 2026-06-04T10:16:37.570Z and modified on 2026-06-04T15:27:23.470Z.