3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
20 packages
- lilypond
- lilypond-unstable
- lilypond-with-fonts
- openlilylib-fonts.ross
- gnomeExtensions.lilypad
- openlilylib-fonts.haydn
- openlilylib-fonts.bravura
- openlilylib-fonts.cadence
- openlilylib-fonts.gonville
- openlilylib-fonts.lilyjazz
- openlilylib-fonts.paganini
- openlilylib-fonts.profondo
- openlilylib-fonts.beethoven
- openlilylib-fonts.improviso
- openlilylib-fonts.scorlatti
- lilypond-unstable-with-fonts
- openlilylib-fonts.lilyboulez
- openlilylib-fonts.sebastiano
- openlilylib-fonts.lv-goldenage
- openlilylib-fonts.gutenberg1939
- @LeSuisse dismissed
FascinatedBox lily lily_emitter.c clear_storages out-of-bounds
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-348277 | FascinatedBox lily lily_emitter.c clear_storages out-of-bounds vdb-entry technical-description
- VDB-348277 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #761327 | FascinatedBox lily main-branch Heap-based Buffer Overflow third-party-advisory
- https://github.com/FascinatedBox/lily/issues/383 issue-tracking
- https://github.com/oneafter/0122/blob/main/i383/repro.lily exploit
- https://github.com/FascinatedBox/lily/ product
Affected products
- ==2.1
- ==2.0
- ==2.2
- ==2.3
Ignored packages (20)
pkgs.lilypond
Music typesetting system
pkgs.lilypond-unstable
Music typesetting system
pkgs.lilypond-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.ross
ross font for LilyPond
pkgs.gnomeExtensions.lilypad
Organize, hide, and reorder top bar icons
pkgs.openlilylib-fonts.haydn
haydn font for LilyPond
pkgs.openlilylib-fonts.bravura
bravura font for LilyPond
pkgs.openlilylib-fonts.cadence
cadence font for LilyPond
pkgs.openlilylib-fonts.gonville
gonville font for LilyPond
pkgs.openlilylib-fonts.lilyjazz
lilyjazz font for LilyPond
pkgs.openlilylib-fonts.paganini
paganini font for LilyPond
pkgs.openlilylib-fonts.profondo
profondo font for LilyPond
pkgs.openlilylib-fonts.beethoven
beethoven font for LilyPond
pkgs.openlilylib-fonts.improviso
improviso font for LilyPond
pkgs.openlilylib-fonts.scorlatti
scorlatti font for LilyPond
pkgs.lilypond-unstable-with-fonts
Music typesetting system
pkgs.openlilylib-fonts.lilyboulez
lilyboulez font for LilyPond
pkgs.openlilylib-fonts.sebastiano
sebastiano font for LilyPond
pkgs.openlilylib-fonts.lv-goldenage
lv-goldenage font for LilyPond
pkgs.openlilylib-fonts.gutenberg1939
gutenberg1939 font for LilyPond
-
nixos-unstable gutenberg1939-2316a35
- nixpkgs-unstable gutenberg1939-2316a35
- nixos-unstable-small gutenberg1939-2316a35
-
nixos-25.11 gutenberg1939-2316a35
- nixos-25.11-small gutenberg1939-2316a35
- nixpkgs-25.11-darwin gutenberg1939-2316a35