Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: haskellPackages.clay

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2025-15535

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 months ago

nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-341707 | nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference vdb-entrytechnical-description
VDB-341707 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #733346 | nicbarker clay v0.14 and master-branch Memory Corruption third-party-advisory
https://github.com/nicbarker/clay/issues/566 issue-tracking
https://github.com/oneafter/1215/blob/main/repro exploit

Affected products

clay

==0.11
==0.9
==0.14
==0.7
==0.3
==0.1
==0.4
==0.10
==0.6
==0.5
==0.8
==0.13
==0.2
==0.12

Matching in nixpkgs

pkgs.haskellPackages.clay

CSS preprocessor as embedded Haskell

nixos-unstable 0.15.0
- nixpkgs-unstable 0.15.0
- nixos-unstable-small 0.15.0
nixos-25.11 0.16.1
- nixpkgs-25.11-darwin 0.16.1

pkgs.haskellPackages.doclayout

A prettyprinting library for laying out text documents

nixos-unstable 0.5
- nixpkgs-unstable 0.5
- nixos-unstable-small 0.5
nixos-25.11 0.5.0.1
- nixpkgs-25.11-darwin 0.5.0.1

pkgs.haskellPackages.hslua-module-doclayout

Lua module wrapping Text.DocLayout.

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0
nixos-25.11 1.2.0.1
- nixpkgs-25.11-darwin 1.2.0.1

pkgs.typstPackages.paris-saclay-thesis-flat_1_0_2

An unofficial, flat-design template for Paris-Saclay University theses

nixos-unstable 1.0.2
- nixpkgs-unstable 1.0.2
- nixos-unstable-small 1.0.2
nixos-25.11 1.0.2
- nixpkgs-25.11-darwin 1.0.2

Package maintainers

@cherrypiejam Gongqi Huang

1