3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 20 packages
  - lilypond
  - lilypond-unstable
  - lilypond-with-fonts
  - openlilylib-fonts.ross
  - gnomeExtensions.lilypad
  - openlilylib-fonts.haydn
  - openlilylib-fonts.bravura
  - openlilylib-fonts.cadence
  - openlilylib-fonts.gonville
  - openlilylib-fonts.lilyjazz
  - openlilylib-fonts.paganini
  - openlilylib-fonts.profondo
  - openlilylib-fonts.beethoven
  - openlilylib-fonts.improviso
  - openlilylib-fonts.scorlatti
  - lilypond-unstable-with-fonts
  - openlilylib-fonts.lilyboulez
  - openlilylib-fonts.sebastiano
  - openlilylib-fonts.lv-goldenage
  - openlilylib-fonts.gutenberg1939
- @LeSuisse dismissed
FascinatedBox lily Error Reporting lily_build_error.c patch_line_end out-of-bounds
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-348276 | FascinatedBox lily Error Reporting lily_build_error.c patch_line_end out-of-bounds vdb-entry technical-description
- VDB-348276 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #761326 | FascinatedBox lily main-branch Heap-based Buffer Overflow third-party-advisory
- https://github.com/FascinatedBox/lily/issues/382 issue-tracking
- https://github.com/oneafter/0122/blob/main/i382/repro.lily exploit
- https://github.com/FascinatedBox/lily/ product
Affected products
- ==2.1
- ==2.0
- ==2.2
- ==2.3
Ignored packages (20)
- pkgs.lilypond: Music typesetting system
- pkgs.lilypond-unstable: Music typesetting system
- pkgs.lilypond-with-fonts: Music typesetting system
- pkgs.openlilylib-fonts.ross: ross font for LilyPond
- pkgs.gnomeExtensions.lilypad: Organize, hide, and reorder top bar icons
- pkgs.openlilylib-fonts.haydn: haydn font for LilyPond
- pkgs.openlilylib-fonts.bravura: bravura font for LilyPond
- pkgs.openlilylib-fonts.cadence: cadence font for LilyPond
- pkgs.openlilylib-fonts.gonville: gonville font for LilyPond
- pkgs.openlilylib-fonts.lilyjazz: lilyjazz font for LilyPond
- pkgs.openlilylib-fonts.paganini: paganini font for LilyPond
- pkgs.openlilylib-fonts.profondo: profondo font for LilyPond
- pkgs.openlilylib-fonts.beethoven: beethoven font for LilyPond
- pkgs.openlilylib-fonts.improviso: improviso font for LilyPond
- pkgs.openlilylib-fonts.scorlatti: scorlatti font for LilyPond
- pkgs.lilypond-unstable-with-fonts: Music typesetting system
- pkgs.openlilylib-fonts.lilyboulez: lilyboulez font for LilyPond
- pkgs.openlilylib-fonts.sebastiano: sebastiano font for LilyPond
- pkgs.openlilylib-fonts.lv-goldenage: lv-goldenage font for LilyPond
- pkgs.openlilylib-fonts.gutenberg1939: gutenberg1939 font for LilyPond
  - nixos-unstable gutenberg1939-2316a35
  - nixpkgs-unstable gutenberg1939-2316a35
  - nixos-unstable-small gutenberg1939-2316a35
  - nixos-25.11 gutenberg1939-2316a35
  - nixos-25.11-small gutenberg1939-2316a35
  - nixpkgs-25.11-darwin gutenberg1939-2316a35