CVE-2026-2662

Name of the Vulnerable Software and Affected Versions FascinatedBox lily versions prior to 2.3

Description A flaw exists in FascinatedBox lily, specifically within the count transforms function located in the src/lily emitter.c file. This issue leads to an out-of-bounds read condition. The exploitation of this flaw is limited to local execution. The exploit code has been publicly released. The project maintainers were notified of the issue but have not yet responded.

Recommendations Versions prior to 2.3 should be updated. As a temporary workaround, consider restricting access to the src/lily emitter.c file to minimize the risk of exploitation.