FascinatedBox lily lily_emitter.c count_transforms out-of-bounds_CVE-2026-2662

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2662

Source VulDB

Published Feb 18, 2026 at 19:32

Modified Feb 18, 2026 at 20:06

Affected Product

Vendor FascinatedBox

Product lily

Version 2.0

Affected Versions FascinatedBox lily 2.0
FascinatedBox lily 2.1
FascinatedBox lily 2.2
FascinatedBox lily 2.3

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-18T19:32:07.847Z",
    "modified": "2026-02-18T20:06:02.992Z",
    "type": "cve",
    "title": "FascinatedBox lily lily_emitter.c count_transforms out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346460\nhttps://vuldb.com/?ctiid.346460\nhttps://vuldb.com/?submit.753166\nhttps://github.com/FascinatedBox/lily/issues/381\nhttps://github.com/oneafter/0122/blob/main/i381/repro.lily\nhttps://github.com/FascinatedBox/lily/",
    "id": "CVE-2026-2662",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "FascinatedBox lily 2.0\nFascinatedBox lily 2.1\nFascinatedBox lily 2.2\nFascinatedBox lily 2.3",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lily",
    "version": "2.0",
    "vendor": "FascinatedBox",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}