CVE-2025-15533

Name
CVE-2025-15533
Description
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://github.com/oneafter/1224/blob/main/hbf2
patch https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146
issue-tracking https://github.com/raysan5/raylib/issues/5433
issue-tracking https://github.com/raysan5/raylib/pull/5450
signature https://vuldb.com/?ctiid.341705
vdb-entry https://vuldb.com/?id.341705
third-party-advisory https://vuldb.com/?submit.733341
third-party-advisory https://vuldb.com/?submit.733342

Match rules

CPE URI Source package Min version Max version
raylib == 909f040 == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
raylib edge-community 5.0-r0 David Demelier <markand@malikania.fr> possibly vulnerable
raylib 3.23-community 5.0-r0 David Demelier <markand@malikania.fr> possibly vulnerable