Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2660

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months ago Activity log

Created suggestion 2 months ago

FascinatedBox lily lily_symtab.c shorthash_for_name use after free

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346458 | FascinatedBox lily lily_symtab.c shorthash_for_name use after free vdb-entrytechnical-description
VDB-346458 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #753164 | FascinatedBox lily main branch Use After Free third-party-advisory
https://github.com/FascinatedBox/lily/issues/385 issue-tracking
https://github.com/oneafter/0122/blob/main/i385/repro.lily exploit
https://github.com/FascinatedBox/lily/ product

Affected products

lily

==2.2
==2.1
==2.0
==2.3

Matching in nixpkgs

pkgs.lilypond

Music typesetting system

nixos-unstable 2.24.4
- nixpkgs-unstable 2.24.4
- nixos-unstable-small 2.24.4
nixos-25.11 2.24.4
- nixos-25.11-small 2.24.4
- nixpkgs-25.11-darwin 2.24.4

pkgs.lilypond-unstable

Music typesetting system

nixos-unstable 2.25.32
- nixpkgs-unstable 2.25.32
- nixos-unstable-small 2.25.32
nixos-25.11 2.25.29
- nixos-25.11-small 2.25.29
- nixpkgs-25.11-darwin 2.25.29

pkgs.lilypond-with-fonts

Music typesetting system

nixos-unstable 2.24.4
- nixpkgs-unstable 2.24.4
- nixos-unstable-small 2.24.4
nixos-25.11 2.24.4
- nixos-25.11-small 2.24.4
- nixpkgs-25.11-darwin 2.24.4

pkgs.openlilylib-fonts.ross

ross font for LilyPond

nixos-unstable aa8127f
- nixpkgs-unstable aa8127f
- nixos-unstable-small aa8127f
nixos-25.11 aa8127f
- nixos-25.11-small aa8127f
- nixpkgs-25.11-darwin aa8127f

pkgs.gnomeExtensions.lilypad

Organize, hide, and reorder top bar icons

nixos-unstable 15
- nixpkgs-unstable 15
- nixos-unstable-small 15
nixos-25.11 15
- nixos-25.11-small 15
- nixpkgs-25.11-darwin 15

pkgs.openlilylib-fonts.haydn

haydn font for LilyPond

nixos-unstable 9e7de8b
- nixpkgs-unstable 9e7de8b
- nixos-unstable-small 9e7de8b
nixos-25.11 9e7de8b
- nixos-25.11-small 9e7de8b
- nixpkgs-25.11-darwin 9e7de8b

pkgs.openlilylib-fonts.bravura

bravura font for LilyPond

nixos-unstable 53c7744
- nixpkgs-unstable 53c7744
- nixos-unstable-small 53c7744
nixos-25.11 53c7744
- nixos-25.11-small 53c7744
- nixpkgs-25.11-darwin 53c7744

pkgs.openlilylib-fonts.cadence

cadence font for LilyPond

nixos-unstable 1cc0fb7
- nixpkgs-unstable 1cc0fb7
- nixos-unstable-small 1cc0fb7
nixos-25.11 1cc0fb7
- nixos-25.11-small 1cc0fb7
- nixpkgs-25.11-darwin 1cc0fb7

pkgs.openlilylib-fonts.gonville

gonville font for LilyPond

nixos-unstable a638bc9
- nixpkgs-unstable a638bc9
- nixos-unstable-small a638bc9
nixos-25.11 a638bc9
- nixos-25.11-small a638bc9
- nixpkgs-25.11-darwin a638bc9

pkgs.openlilylib-fonts.lilyjazz

lilyjazz font for LilyPond

nixos-unstable 8fa7d554
- nixpkgs-unstable 8fa7d554
- nixos-unstable-small 8fa7d554
nixos-25.11 8fa7d554
- nixos-25.11-small 8fa7d554
- nixpkgs-25.11-darwin 8fa7d554

pkgs.openlilylib-fonts.paganini

paganini font for LilyPond

nixos-unstable 8e4e55a
- nixpkgs-unstable 8e4e55a
- nixos-unstable-small 8e4e55a
nixos-25.11 8e4e55a
- nixos-25.11-small 8e4e55a
- nixpkgs-25.11-darwin 8e4e55a

pkgs.openlilylib-fonts.profondo

profondo font for LilyPond

nixos-unstable 8cfb668
- nixpkgs-unstable 8cfb668
- nixos-unstable-small 8cfb668
nixos-25.11 8cfb668
- nixos-25.11-small 8cfb668
- nixpkgs-25.11-darwin 8cfb668

pkgs.openlilylib-fonts.beethoven

beethoven font for LilyPond

nixos-unstable 669f400
- nixpkgs-unstable 669f400
- nixos-unstable-small 669f400
nixos-25.11 669f400
- nixos-25.11-small 669f400
- nixpkgs-25.11-darwin 669f400

pkgs.openlilylib-fonts.improviso

improviso font for LilyPond

nixos-unstable 0753f5a
- nixpkgs-unstable 0753f5a
- nixos-unstable-small 0753f5a
nixos-25.11 0753f5a
- nixos-25.11-small 0753f5a
- nixpkgs-25.11-darwin 0753f5a

pkgs.openlilylib-fonts.scorlatti

scorlatti font for LilyPond

nixos-unstable 1db87da
- nixpkgs-unstable 1db87da
- nixos-unstable-small 1db87da
nixos-25.11 1db87da
- nixos-25.11-small 1db87da
- nixpkgs-25.11-darwin 1db87da

pkgs.lilypond-unstable-with-fonts

Music typesetting system

nixos-unstable 2.25.32
- nixpkgs-unstable 2.25.32
- nixos-unstable-small 2.25.32
nixos-25.11 2.25.29
- nixos-25.11-small 2.25.29
- nixpkgs-25.11-darwin 2.25.29

pkgs.openlilylib-fonts.lilyboulez

lilyboulez font for LilyPond

nixos-unstable e8455fc
- nixpkgs-unstable e8455fc
- nixos-unstable-small e8455fc
nixos-25.11 e8455fc
- nixos-25.11-small e8455fc
- nixpkgs-25.11-darwin e8455fc

pkgs.openlilylib-fonts.sebastiano

sebastiano font for LilyPond

nixos-unstable 44bf262
- nixpkgs-unstable 44bf262
- nixos-unstable-small 44bf262
nixos-25.11 44bf262
- nixos-25.11-small 44bf262
- nixpkgs-25.11-darwin 44bf262

pkgs.openlilylib-fonts.lv-goldenage

lv-goldenage font for LilyPond

nixos-unstable 8a92fd3
- nixpkgs-unstable 8a92fd3
- nixos-unstable-small 8a92fd3
nixos-25.11 8a92fd3
- nixos-25.11-small 8a92fd3
- nixpkgs-25.11-darwin 8a92fd3

pkgs.openlilylib-fonts.gutenberg1939

gutenberg1939 font for LilyPond

nixos-unstable gutenberg1939-2316a35
- nixpkgs-unstable gutenberg1939-2316a35
- nixos-unstable-small gutenberg1939-2316a35
nixos-25.11 gutenberg1939-2316a35
- nixos-25.11-small gutenberg1939-2316a35
- nixpkgs-25.11-darwin gutenberg1939-2316a35

Package maintainers

@honnip Jung seungwoo <me@honnip.page>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@yurrriq Eric Bailey <eric@ericb.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.lilypond

pkgs.lilypond-unstable

pkgs.lilypond-with-fonts

pkgs.openlilylib-fonts.ross

pkgs.gnomeExtensions.lilypad

pkgs.openlilylib-fonts.haydn

pkgs.openlilylib-fonts.bravura

pkgs.openlilylib-fonts.cadence

pkgs.openlilylib-fonts.gonville

pkgs.openlilylib-fonts.lilyjazz

pkgs.openlilylib-fonts.paganini

pkgs.openlilylib-fonts.profondo

pkgs.openlilylib-fonts.beethoven

pkgs.openlilylib-fonts.improviso

pkgs.openlilylib-fonts.scorlatti

pkgs.lilypond-unstable-with-fonts

pkgs.openlilylib-fonts.lilyboulez

pkgs.openlilylib-fonts.sebastiano

pkgs.openlilylib-fonts.lv-goldenage

pkgs.openlilylib-fonts.gutenberg1939

Package maintainers