3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @pyrox0
Activity log
- Created automatic suggestion
- @pyrox0 removed 20 packages
- lilypond
- lilypond-unstable
- lilypond-with-fonts
- openlilylib-fonts.ross
- gnomeExtensions.lilypad
- openlilylib-fonts.haydn
- openlilylib-fonts.bravura
- openlilylib-fonts.cadence
- openlilylib-fonts.gonville
- openlilylib-fonts.lilyjazz
- openlilylib-fonts.paganini
- openlilylib-fonts.profondo
- openlilylib-fonts.beethoven
- openlilylib-fonts.improviso
- openlilylib-fonts.scorlatti
- lilypond-unstable-with-fonts
- openlilylib-fonts.lilyboulez
- openlilylib-fonts.sebastiano
- openlilylib-fonts.lv-goldenage
- openlilylib-fonts.gutenberg1939
- @pyrox0 dismissed
FascinatedBox lily lily_emitter.c count_transforms out-of-bounds
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes an out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-346460 | FascinatedBox lily lily_emitter.c count_transforms out-of-bounds vdb-entry technical-description
- VDB-346460 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #753166 | FascinatedBox lily main branch Heap-based Buffer Overflow third-party-advisory
- https://github.com/FascinatedBox/lily/issues/381 issue-tracking
- https://github.com/oneafter/0122/blob/main/i381/repro.lily exploit
- https://github.com/FascinatedBox/lily/ product
Affected products
- ==2.3
- ==2.2
- ==2.1
- ==2.0
Ignored packages (20)
pkgs.lilypond
Music typesetting system
pkgs.lilypond-unstable
Music typesetting system
pkgs.lilypond-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.ross
ross font for LilyPond
pkgs.gnomeExtensions.lilypad
Organize, hide, and reorder top bar icons
pkgs.openlilylib-fonts.haydn
haydn font for LilyPond
pkgs.openlilylib-fonts.bravura
bravura font for LilyPond
pkgs.openlilylib-fonts.cadence
cadence font for LilyPond
pkgs.openlilylib-fonts.gonville
gonville font for LilyPond
pkgs.openlilylib-fonts.lilyjazz
lilyjazz font for LilyPond
pkgs.openlilylib-fonts.paganini
paganini font for LilyPond
pkgs.openlilylib-fonts.profondo
profondo font for LilyPond
pkgs.openlilylib-fonts.beethoven
beethoven font for LilyPond
pkgs.openlilylib-fonts.improviso
improviso font for LilyPond
pkgs.openlilylib-fonts.scorlatti
scorlatti font for LilyPond
pkgs.lilypond-unstable-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.lilyboulez
lilyboulez font for LilyPond
pkgs.openlilylib-fonts.sebastiano
sebastiano font for LilyPond
pkgs.openlilylib-fonts.lv-goldenage
lv-goldenage font for LilyPond
pkgs.openlilylib-fonts.gutenberg1939
gutenberg1939 font for LilyPond
- nixos-unstable gutenberg1939-2316a35
- nixpkgs-unstable gutenberg1939-2316a35
- nixos-unstable-small gutenberg1939-2316a35
- nixos-25.11 gutenberg1939-2316a35
- nixos-25.11-small gutenberg1939-2316a35
- nixpkgs-25.11-darwin gutenberg1939-2316a35