CVE-2026-3392

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-3392

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3392.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-3392

Downstream

openSUSE-SU-2026:10550-1

Related

openSUSE-SU-2026:10550-1

Published

2026-03-01T12:16:00.753Z

Modified

2026-04-16T08:44:17.659692308Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function evaltree of the file src/lilyemitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/fascinatedbox/lily

Affected ranges

Type

GIT

Repo

https://github.com/fascinatedbox/lily

Events

Introduced

Last affected

6c1fb158e08c210b1f41dd5fc0417a0abf36ca55

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3"
        }
    ]
}

Affected versions

v0.*

v0.18

v1.*

v1.0

v1.1

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.2

v1.3

v1.4

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0

v2.1

v2.2

v2.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3392.json"