CVE-2025-14958
- Source
- https://cve.org/CVERecord?id=CVE-2025-14958
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14958.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14958
- Published
- 2025-12-19T18:15:48.373Z
- Modified
- 2026-03-14T15:02:28.911347Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function sgpipelinecommoninit in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.
- References
-
- https://github.com/oneafter/1212/blob/main/hbf1
- https://vuldb.com/?id.337594
- https://github.com/floooh/sokol/issues/1406
- https://github.com/floooh/sokol/issues/1406#issuecomment-3649515551
- https://vuldb.com/?ctiid.337594
- https://github.com/seyhajin/sokol/commit/33e2271c431bf21de001e972f72da17a984da932
- https://vuldb.com/?submit.717320
Affected packages
Git / github.com/seyhajin/sokol
Affected ranges
- Type
- GIT
- Repo
- https://github.com/seyhajin/sokol
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14958.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2025-12-13"
}
]
}
]
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2025-14958-15a9521c",
"source": "https://github.com/seyhajin/sokol/commit/33e2271c431bf21de001e972f72da17a984da932",
"signature_version": "v1",
"target": {
"file": "sokol_gfx.h"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"292622784477154656710410040940503895086",
"50027860838152742754008816563051884883",
"211790450921216105222885556098357843697",
"105462582608778994641139279806659673022"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2025-14958-96f8e976",
"source": "https://github.com/seyhajin/sokol/commit/33e2271c431bf21de001e972f72da17a984da932",
"signature_version": "v1",
"target": {
"function": "_sg_pipeline_common_init",
"file": "sokol_gfx.h"
},
"deprecated": false,
"digest": {
"function_hash": "206976225858040509641056237971519576969",
"length": 1665.0
}
}
]