CVE-2025-15535

LOW

nicbarker clay <0.14 - Null Pointer Dereference

Title source: llm

Description

A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

Core 6

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.341707

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.341707

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.733346

Issue Tracking issue-tracking

https://github.com/nicbarker/clay/issues/566

Various Sources exploit

https://github.com/oneafter/1215/blob/main/repro

View Writeup ZIP pw:eip

Various Sources product

https://github.com/nicbarker/clay/

Scores

CVSS v3 3.3

EPSS 0.0012

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-404 CWE-476

Status published

Products (14)

nicbarker/clay 0.1

nicbarker/clay 0.10

nicbarker/clay 0.11

nicbarker/clay 0.12

nicbarker/clay 0.13

nicbarker/clay 0.14

nicbarker/clay 0.2

nicbarker/clay 0.3

nicbarker/clay 0.4

nicbarker/clay 0.5

... and 4 more

Published Jan 18, 2026

Tracked Since Feb 18, 2026