Package: rlottie
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for rlottie.

CVE-2025-0634[0]:
| Use After Free vulnerability in Samsung Open Source rLottie allows
| Remote Code Inclusion.This issue affects rLottie: V0.2.

https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9


CVE-2025-53074[1]:
| Out-of-bounds Read vulnerability in Samsung Open Source rLottie
| allows Overflow Buffers.This issue affects rLottie: V0.2.

https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9


CVE-2025-53075[2]:
| Improper Input Validation vulnerability in Samsung Open Source
| rLottie allows Path Traversal.This issue affects rLottie: V0.2.

https://github.com/Samsung/rlottie/pull/571 https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-0634
https://www.cve.org/CVERecord?id=CVE-2025-0634
[1] https://security-tracker.debian.org/tracker/CVE-2025-53074
https://www.cve.org/CVERecord?id=CVE-2025-53074
[2] https://security-tracker.debian.org/tracker/CVE-2025-53075
https://www.cve.org/CVERecord?id=CVE-2025-53075

Please adjust the affected versions in the BTS as needed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)