Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3390

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

FascinatedBox lily Error Reporting lily_build_error.c patch_line_end out-of-bounds

A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-348276 | FascinatedBox lily Error Reporting lily_build_error.c patch_line_end out-of-bounds vdb-entrytechnical-description
VDB-348276 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #761326 | FascinatedBox lily main-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/FascinatedBox/lily/issues/382 issue-tracking
https://github.com/oneafter/0122/blob/main/i382/repro.lily exploit
https://github.com/FascinatedBox/lily/ product

Affected products

lily

==2.1
==2.2
==2.0
==2.3

Matching in nixpkgs

pkgs.lilypond

Music typesetting system

nixos-unstable 2.24.4
- nixpkgs-unstable 2.24.4
- nixos-unstable-small 2.24.4
nixos-25.11 2.24.4
- nixos-25.11-small 2.24.4
- nixpkgs-25.11-darwin 2.24.4

pkgs.lilypond-unstable

Music typesetting system

nixos-unstable 2.25.32
- nixpkgs-unstable 2.25.32
- nixos-unstable-small 2.25.32
nixos-25.11 2.25.29
- nixos-25.11-small 2.25.29
- nixpkgs-25.11-darwin 2.25.29

pkgs.lilypond-with-fonts

Music typesetting system

nixos-unstable 2.24.4
- nixpkgs-unstable 2.24.4
- nixos-unstable-small 2.24.4
nixos-25.11 2.24.4
- nixos-25.11-small 2.24.4
- nixpkgs-25.11-darwin 2.24.4

pkgs.openlilylib-fonts.ross

ross font for LilyPond

nixos-unstable aa8127f
- nixpkgs-unstable aa8127f
- nixos-unstable-small aa8127f
nixos-25.11 aa8127f
- nixos-25.11-small aa8127f
- nixpkgs-25.11-darwin aa8127f

pkgs.gnomeExtensions.lilypad

Organize, hide, and reorder top bar icons

nixos-unstable 15
- nixpkgs-unstable 15
- nixos-unstable-small 15
nixos-25.11 15
- nixos-25.11-small 15
- nixpkgs-25.11-darwin 15

pkgs.openlilylib-fonts.haydn

haydn font for LilyPond

nixos-unstable 9e7de8b
- nixpkgs-unstable 9e7de8b
- nixos-unstable-small 9e7de8b
nixos-25.11 9e7de8b
- nixos-25.11-small 9e7de8b
- nixpkgs-25.11-darwin 9e7de8b

pkgs.openlilylib-fonts.bravura

bravura font for LilyPond

nixos-unstable 53c7744
- nixpkgs-unstable 53c7744
- nixos-unstable-small 53c7744
nixos-25.11 53c7744
- nixos-25.11-small 53c7744
- nixpkgs-25.11-darwin 53c7744

pkgs.openlilylib-fonts.cadence

cadence font for LilyPond

nixos-unstable 1cc0fb7
- nixpkgs-unstable 1cc0fb7
- nixos-unstable-small 1cc0fb7
nixos-25.11 1cc0fb7
- nixos-25.11-small 1cc0fb7
- nixpkgs-25.11-darwin 1cc0fb7

pkgs.openlilylib-fonts.gonville

gonville font for LilyPond

nixos-unstable a638bc9
- nixpkgs-unstable a638bc9
- nixos-unstable-small a638bc9
nixos-25.11 a638bc9
- nixos-25.11-small a638bc9
- nixpkgs-25.11-darwin a638bc9

pkgs.openlilylib-fonts.lilyjazz

lilyjazz font for LilyPond

nixos-unstable 8fa7d554
- nixpkgs-unstable 8fa7d554
- nixos-unstable-small 8fa7d554
nixos-25.11 8fa7d554
- nixos-25.11-small 8fa7d554
- nixpkgs-25.11-darwin 8fa7d554

pkgs.openlilylib-fonts.paganini

paganini font for LilyPond

nixos-unstable 8e4e55a
- nixpkgs-unstable 8e4e55a
- nixos-unstable-small 8e4e55a
nixos-25.11 8e4e55a
- nixos-25.11-small 8e4e55a
- nixpkgs-25.11-darwin 8e4e55a

pkgs.openlilylib-fonts.profondo

profondo font for LilyPond

nixos-unstable 8cfb668
- nixpkgs-unstable 8cfb668
- nixos-unstable-small 8cfb668
nixos-25.11 8cfb668
- nixos-25.11-small 8cfb668
- nixpkgs-25.11-darwin 8cfb668

pkgs.openlilylib-fonts.beethoven

beethoven font for LilyPond

nixos-unstable 669f400
- nixpkgs-unstable 669f400
- nixos-unstable-small 669f400
nixos-25.11 669f400
- nixos-25.11-small 669f400
- nixpkgs-25.11-darwin 669f400

pkgs.openlilylib-fonts.improviso

improviso font for LilyPond

nixos-unstable 0753f5a
- nixpkgs-unstable 0753f5a
- nixos-unstable-small 0753f5a
nixos-25.11 0753f5a
- nixos-25.11-small 0753f5a
- nixpkgs-25.11-darwin 0753f5a

pkgs.openlilylib-fonts.scorlatti

scorlatti font for LilyPond

nixos-unstable 1db87da
- nixpkgs-unstable 1db87da
- nixos-unstable-small 1db87da
nixos-25.11 1db87da
- nixos-25.11-small 1db87da
- nixpkgs-25.11-darwin 1db87da

pkgs.lilypond-unstable-with-fonts

Music typesetting system

nixos-unstable 2.25.32
- nixpkgs-unstable 2.25.32
- nixos-unstable-small 2.25.32
nixos-25.11 2.25.29
- nixos-25.11-small 2.25.29
- nixpkgs-25.11-darwin 2.25.29

pkgs.openlilylib-fonts.lilyboulez

lilyboulez font for LilyPond

nixos-unstable e8455fc
- nixpkgs-unstable e8455fc
- nixos-unstable-small e8455fc
nixos-25.11 e8455fc
- nixos-25.11-small e8455fc
- nixpkgs-25.11-darwin e8455fc

pkgs.openlilylib-fonts.sebastiano

sebastiano font for LilyPond

nixos-unstable 44bf262
- nixpkgs-unstable 44bf262
- nixos-unstable-small 44bf262
nixos-25.11 44bf262
- nixos-25.11-small 44bf262
- nixpkgs-25.11-darwin 44bf262

pkgs.openlilylib-fonts.lv-goldenage

lv-goldenage font for LilyPond

nixos-unstable 8a92fd3
- nixpkgs-unstable 8a92fd3
- nixos-unstable-small 8a92fd3
nixos-25.11 8a92fd3
- nixos-25.11-small 8a92fd3
- nixpkgs-25.11-darwin 8a92fd3

pkgs.openlilylib-fonts.gutenberg1939

gutenberg1939 font for LilyPond

nixos-unstable gutenberg1939-2316a35
- nixpkgs-unstable gutenberg1939-2316a35
- nixos-unstable-small gutenberg1939-2316a35
nixos-25.11 gutenberg1939-2316a35
- nixos-25.11-small gutenberg1939-2316a35
- nixpkgs-25.11-darwin gutenberg1939-2316a35

Package maintainers

@honnip Jung seungwoo <me@honnip.page>
@MarcWeber Marc Weber <marco-oweber@gmx.de>
@yurrriq Eric Bailey <eric@ericb.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.lilypond

pkgs.lilypond-unstable

pkgs.lilypond-with-fonts

pkgs.openlilylib-fonts.ross

pkgs.gnomeExtensions.lilypad

pkgs.openlilylib-fonts.haydn

pkgs.openlilylib-fonts.bravura

pkgs.openlilylib-fonts.cadence

pkgs.openlilylib-fonts.gonville

pkgs.openlilylib-fonts.lilyjazz

pkgs.openlilylib-fonts.paganini

pkgs.openlilylib-fonts.profondo

pkgs.openlilylib-fonts.beethoven

pkgs.openlilylib-fonts.improviso

pkgs.openlilylib-fonts.scorlatti

pkgs.lilypond-unstable-with-fonts

pkgs.openlilylib-fonts.lilyboulez

pkgs.openlilylib-fonts.sebastiano

pkgs.openlilylib-fonts.lv-goldenage

pkgs.openlilylib-fonts.gutenberg1939

Package maintainers