{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41667", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2026-04-22T00:52:02.298Z", "datePublished": "2026-04-22T05:57:28.615Z", "dateUpdated": "2026-05-03T22:43:11.278Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-05-03T22:43:11.278Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190 Integer overflow or wraparound", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "ONE", "versions": [{"status": "affected", "version": "1.30.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit 1.30.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.<br>Affected version is prior to commit 1.30.0."}]}], "references": [{"url": "https://github.com/Samsung/ONE/pull/16481"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}}], "credits": [{"lang": "en", "value": "Sebasti\u00e1n Alba Vives", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T12:31:12.896939Z", "id": "CVE-2026-41667", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:31:44.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41667", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T12:31:12.896939Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T12:31:20.018Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Sebasti\u00e1n Alba Vives"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Open Source", "product": "ONE", "versions": [{"status": "affected", "version": "1.30.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Samsung/ONE/pull/16481"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit 1.30.0.", "supportingMedia": [{"type": "text/html", "value": "Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.<br>Affected version is prior to commit 1.30.0.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer overflow or wraparound"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2026-05-03T22:43:11.278Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41667", "state": "PUBLISHED", "dateUpdated": "2026-05-03T22:43:11.278Z", "dateReserved": "2026-04-22T00:52:02.298Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2026-04-22T05:57:28.615Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:one:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DBBA2E4-036F-40C0-B2EF-D14AB3C83B6E", "versionEndExcluding": "1.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit 1.30.0."}], "id": "CVE-2026-41667", "lastModified": "2026-04-27T18:21:50.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2026-04-22T07:16:13.990", "references": [{"source": "PSIRT@samsung.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Samsung/ONE/pull/16481"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.30.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "one", "vendor": "samsung_open_source"}], "analysis": {"en": {"generated_at": "2026-04-22T07:23:33.395305+00:00", "value": {"mitigation_remediation": ["Update Samsung ONE to commit 1.30.0 or later, which corrects the overflow calculation.", "If an upgrade is not immediately possible, reduce the size of constant tensors or avoid large constant nodes until the patch is applied.", "Monitor application logs and memory usage for signs of buffer overrun or crashes, and apply appropriate isolation or sandboxing for tensor operations."], "summary": {"action": "Patch Now", "impact": "Integer overflow leading to improper buffer sizing"}, "threat_synthesis": {"affected_systems": "Samsung Open Source:ONE implementations prior to commit 1.30.0 are affected. No other version or vendor details are provided, so all instances using earlier commits than 1.30.0 should be considered vulnerable.", "description_and_impact": "An integer overflow occurs during constant tensor data size calculation in Samsung Open Source ONE. The calculation does not correctly account for large constant nodes, resulting in an under\u2011sized buffer. If an attacker can introduce a large constant node, the program may write data beyond the allocated buffer, potentially corrupting memory or causing a crash.", "risk_and_exploitability": "The CVSS score of 6.6 indicates a moderate severity. EPSS is unavailable and the vulnerability is not listed in KEV, suggesting no known active exploitation. However, the integer overflow could be leveraged by an attacker who can influence tensor initialization; if exploited, it may lead to memory corruption and potentially allow code execution, particularly if the overflow triggers a crash that can be exploited. The exact attack vector is not documented, so the risk remains based on potential local or indirect exploitation scenarios."}}}}, "created": "2026-04-22T07:30:11.592098+00:00", "title": "Integer Overflow Causing Improper Buffer Size in Samsung ONE", "updated": "2026-04-22T11:44:34.738383+00:00", "vendors": ["samsung_open_source", "samsung_open_source$PRODUCT$one"]}