UbuntuUpdates.org

Package "rlottie"

Name: rlottie

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library for rendering vector based animations and art (development headers)
  • library for rendering vector based animations and art
Latest version: 0.1+dfsg-2ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "rlottie" in Jammy

Repository Area Version
base universe 0.1+dfsg-2
security universe 0.1+dfsg-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.1+dfsg-2ubuntu0.2 2026-02-27 22:07:41 UTC

  rlottie (0.1+dfsg-2ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Memory overflow vulnerability
    - d/p/CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch: Add validation
      checks to address potential vulnerabilities in case of a malicious
      lottie file
    - CVE-2025-0634
    - CVE-2025-53074
    - CVE-2025-53075

 -- Shishir Subedi <email address hidden> Fri, 20 Feb 2026 13:22:43 +0545
Source diff to previous version
CVE-2025-0634 Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
CVE-2025-53074 Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.
CVE-2025-53075 Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.

Version: 0.1+dfsg-2ubuntu0.1 2025-01-09 23:06:54 UTC

  rlottie (0.1+dfsg-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow patch was incomplete
    - debian/patches/Check-buffer-length.patch: Amend patch to properly
      check buffer bounds in the src/vector/vrle.cpp blit function
      and its variants.
    - CVE-2021-31315
  * SECURITY UPDATE: Stack-based buffer overflow patch was incomplete
    - debian/patches/Freetype-raster.patch: Amend patch to correctly
      check return conditions in the gray_render_cubic function and also
      check the number of ycells in the gray_find_cell function of
      src/vector/freetype/v_ft_raster.cpp.
    - CVE-2021-31321
  * debian/rules: Use compiler flag for level 2 optimization (-O2)
    instead of level 3 (-O3) on ppc64el architectures. Level 3
    optimization can lead to build errors due to memory alignment
    requirements.

 -- Nicolas Campuzano Jimenez <email address hidden> Thu, 19 Dec 2024 12:33:21 -0500
CVE-2021-31315 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custo
CVE-2021-31321 Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of


About   -   Send Feedback to @ubuntu_updates