CVE-2025-0634

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-0634
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0634.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0634
Downstream
Published
2025-06-30T02:15:20.920Z
Modified
2026-04-12T19:53:17.313833Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.

References

Affected packages

Git / github.com/samsung/rlottie

Affected ranges

Type
GIT
Repo
https://github.com/samsung/rlottie
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bf3d272df3916a0c34575ac8286cb0fe672fd0d4
Fixed
507ea027e47d3e1dc7ddbd9994621215eae7ebb9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2"
        }
    ]
}

Affected versions

v0.*
v0.1
v0.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0634.json"
vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "1680078744998775450546897286106159080",
                "281274337787590333870186503369247391457",
                "114646057763454309563718641122470238653",
                "92920650848282273877990483716988176886",
                "129316867285711219374874106045189563362",
                "80341495789011435719919370952384867865",
                "177735148216854572913049190379865782927"
            ]
        },
        "id": "CVE-2025-0634-6e4e5aff",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "file": "src/vector/freetype/v_ft_raster.cpp"
        }
    },
    {
        "digest": {
            "length": 702.0,
            "function_hash": "245072279660895681463165607939651442691"
        },
        "id": "CVE-2025-0634-6e8b58cd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "function": "model::Gradient::populate",
            "file": "src/lottie/lottiemodel.cpp"
        }
    },
    {
        "digest": {
            "length": 945.0,
            "function_hash": "204695745559461646160451190006875346027"
        },
        "id": "CVE-2025-0634-a31638c3",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "function": "renderer::CompLayer::CompLayer",
            "file": "src/lottie/lottieitem.cpp"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "256330220647333664384347142197709906959",
                "14636760670615604174999965533490805572",
                "248068210384551633734720372787180215762",
                "885945138917674059487286142663491422",
                "214193567666159470565275389681439777208",
                "208386303999048609830415019542952255799",
                "268090434518123338066875699580349007689",
                "239396402115646766267371972361776749701",
                "189156972010994894469905246412134376139",
                "269326389554893786478873603632266464029",
                "73354721965288673988069985817752705605",
                "130444555069623272652857241149583848651"
            ]
        },
        "id": "CVE-2025-0634-a807a540",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "file": "src/lottie/lottiemodel.cpp"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "199838554978675382372929681099709638107",
                "74482444880095085316538053223376869934",
                "195102133323160246926983532004809375652",
                "274659082006209275158349786699720102919",
                "85575780588459111992727752531821228784",
                "164802824739798189736408756487607379487",
                "35872641386154027615479021697838145070",
                "15629907309339067094108889384213062892",
                "228909627023667530641214910598204896395",
                "41859121103796102739840443019593883832",
                "94795492286309594214737227792179697140",
                "327776696422307682639028435009871451346",
                "285211909265985432020507933275415669964",
                "138963012739067062143722170987802020120",
                "129208076145117739748049887198000770562",
                "178912350714117990126103118658683901559",
                "318741435884125395496477248372216941719",
                "332897015697222535459662072273993433764",
                "100945789949508853237470597088551868436"
            ]
        },
        "id": "CVE-2025-0634-b36d82e2",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "file": "src/lottie/lottiemodel.h"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "270902570440563698446662908798757922348",
                "27143693503514119299763879232175851819",
                "40210664307617790830819626050327568157",
                "280889734117050877946506648243290921720"
            ]
        },
        "id": "CVE-2025-0634-bb55ad1c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "file": "src/lottie/lottieitem.cpp"
        }
    },
    {
        "digest": {
            "length": 2345.0,
            "function_hash": "194615939889822493272516550367963902398"
        },
        "id": "CVE-2025-0634-f605f55d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9",
        "target": {
            "function": "gray_render_line",
            "file": "src/vector/freetype/v_ft_raster.cpp"
        }
    }
]
vanir_signatures_modified 
"2026-04-12T19:53:17Z"