CVE-2025-15534

Name
CVE-2025-15534
Description
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://github.com/oneafter/1224/blob/main/segv1
patch https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146
issue-tracking https://github.com/raysan5/raylib/issues/5436
issue-tracking https://github.com/raysan5/raylib/pull/5450
signature https://vuldb.com/?ctiid.341706
vdb-entry https://vuldb.com/?id.341706
third-party-advisory https://vuldb.com/?submit.733343

Match rules

CPE URI Source package Min version Max version
raylib == 909f040 == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
raylib edge-community 5.0-r0 David Demelier <markand@malikania.fr> possibly vulnerable
raylib 3.23-community 5.0-r0 David Demelier <markand@malikania.fr> possibly vulnerable