CVE-2025-15535

LOW

nicbarker clay <0.14 - Null Pointer Dereference

Title source: llm

Description

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

[Permissions Required, VDB Entry] https://vuldb.com/?id.341707

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.341707

[Permissions Required, VDB Entry] https://vuldb.com/?submit.733346

[Issue Tracking] https://github.com/nicbarker/clay/issues/566

[Various Sources] https://github.com/oneafter/1215/blob/main/repro

View Writeup ZIP pw:eip

[Various Sources] https://github.com/nicbarker/clay/

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-404 CWE-476

Status published

Products (14)

nicbarker/clay 0.1

nicbarker/clay 0.10

nicbarker/clay 0.11

nicbarker/clay 0.12

nicbarker/clay 0.13

nicbarker/clay 0.14

nicbarker/clay 0.2

nicbarker/clay 0.3

nicbarker/clay 0.4

nicbarker/clay 0.5

... and 4 more

Published Jan 18, 2026

Tracked Since Feb 18, 2026