CVE-2026-3391 | FascinatedBox lily up to 2.3 src/lily_emitter.c clear_storages out-of-bounds (Issue 383)

A vulnerability described as problematic has been identified in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read.

This vulnerability is identified as CVE-2026-3391. The attack is only possible with local access. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More