3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 20 packages
- lilypond
- lilypond-unstable
- lilypond-with-fonts
- openlilylib-fonts.ross
- gnomeExtensions.lilypad
- openlilylib-fonts.haydn
- openlilylib-fonts.bravura
- openlilylib-fonts.cadence
- openlilylib-fonts.gonville
- openlilylib-fonts.lilyjazz
- openlilylib-fonts.paganini
- openlilylib-fonts.profondo
- openlilylib-fonts.beethoven
- openlilylib-fonts.improviso
- openlilylib-fonts.scorlatti
- lilypond-unstable-with-fonts
- openlilylib-fonts.lilyboulez
- openlilylib-fonts.sebastiano
- openlilylib-fonts.lv-goldenage
- openlilylib-fonts.gutenberg1939
- @LeSuisse dismissed
FascinatedBox lily lily_emitter.c eval_tree null pointer dereference
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-348278 | FascinatedBox lily lily_emitter.c eval_tree null pointer dereference vdb-entry technical-description
- VDB-348278 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #761328 | FascinatedBox lily main-branch NULL Pointer Dereference third-party-advisory
- https://github.com/FascinatedBox/lily/issues/384 issue-tracking
- https://github.com/oneafter/0122/blob/main/i384/repro.lily exploit
- https://github.com/FascinatedBox/lily/ product
Affected products
- ==2.1
- ==2.0
- ==2.2
- ==2.3
Ignored packages (20)
pkgs.lilypond
Music typesetting system
pkgs.lilypond-unstable
Music typesetting system
pkgs.lilypond-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.ross
ross font for LilyPond
pkgs.gnomeExtensions.lilypad
Organize, hide, and reorder top bar icons
pkgs.openlilylib-fonts.haydn
haydn font for LilyPond
pkgs.openlilylib-fonts.bravura
bravura font for LilyPond
pkgs.openlilylib-fonts.cadence
cadence font for LilyPond
pkgs.openlilylib-fonts.gonville
gonville font for LilyPond
pkgs.openlilylib-fonts.lilyjazz
lilyjazz font for LilyPond
pkgs.openlilylib-fonts.paganini
paganini font for LilyPond
pkgs.openlilylib-fonts.profondo
profondo font for LilyPond
pkgs.openlilylib-fonts.beethoven
beethoven font for LilyPond
pkgs.openlilylib-fonts.improviso
improviso font for LilyPond
pkgs.openlilylib-fonts.scorlatti
scorlatti font for LilyPond
pkgs.lilypond-unstable-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.lilyboulez
lilyboulez font for LilyPond
pkgs.openlilylib-fonts.sebastiano
sebastiano font for LilyPond
pkgs.openlilylib-fonts.lv-goldenage
lv-goldenage font for LilyPond
pkgs.openlilylib-fonts.gutenberg1939
gutenberg1939 font for LilyPond
- nixos-unstable gutenberg1939-2316a35
- nixpkgs-unstable gutenberg1939-2316a35
- nixos-unstable-small gutenberg1939-2316a35
- nixos-25.11 gutenberg1939-2316a35
- nixos-25.11-small gutenberg1939-2316a35
- nixpkgs-25.11-darwin gutenberg1939-2316a35