CVE-2026-41667

Published Apr 22, 2026

Last updated 3 days ago

CVSS medium 6.6

Overview

Description
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.
Source
PSIRT@samsung.com
NVD status
Analyzed
Products
one

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.6
Impact score
4.7
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Severity
MEDIUM

Weaknesses

PSIRT@samsung.com
CWE-190

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.CVE-2026-6839
  2. Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.CVE-2026-41666
  3. Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.CVE-2026-41665
  4. Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.CVE-2026-41664
  5. Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.CVE-2026-40450

References

Sources include official advisories and independent security research.