nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference_CVE-2025-15535

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15535

Source VulDB

Published Jan 18, 2026 at 07:32

Affected Product

Vendor nicbarker

Product clay

Version 0.1

Affected Versions nicbarker clay 0.1
nicbarker clay 0.2
nicbarker clay 0.3
nicbarker clay 0.4
nicbarker clay 0.5
nicbarker clay 0.6
nicbarker clay 0.7
nicbarker clay 0.8
nicbarker clay 0.9
nicbarker clay 0.10
nicbarker clay 0.11
nicbarker clay 0.12
nicbarker clay 0.13
nicbarker clay 0.14

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-01-18T07:32:05.937Z",
    "modified": "2026-01-18T07:32:05.937Z",
    "type": "cve",
    "title": "nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341707\nhttps://vuldb.com/?ctiid.341707\nhttps://vuldb.com/?submit.733346\nhttps://github.com/nicbarker/clay/issues/566\nhttps://github.com/oneafter/1215/blob/main/repro",
    "id": "CVE-2025-15535",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "nicbarker clay 0.1\nnicbarker clay 0.2\nnicbarker clay 0.3\nnicbarker clay 0.4\nnicbarker clay 0.5\nnicbarker clay 0.6\nnicbarker clay 0.7\nnicbarker clay 0.8\nnicbarker clay 0.9\nnicbarker clay 0.10\nnicbarker clay 0.11\nnicbarker clay 0.12\nnicbarker clay 0.13\nnicbarker clay 0.14",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "clay",
    "version": "0.1",
    "vendor": "nicbarker",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}