CVE-2025-15533
- Source
- https://cve.org/CVERecord?id=CVE-2025-15533
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15533.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-15533
- Published
- 2026-01-18T05:16:16.360Z
- Modified
- 2026-03-15T22:50:39.648554Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
- References
-
- https://github.com/raysan5/raylib/
- https://vuldb.com/?submit.733341
- https://vuldb.com/?id.341705
- https://vuldb.com/?submit.733342
- https://github.com/raysan5/raylib/issues/5433
- https://github.com/raysan5/raylib/pull/5450
- https://vuldb.com/?ctiid.341705
- https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146
- https://github.com/oneafter/1224/blob/main/hbf2
Affected packages
Git / github.com/raysan5/raylib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/raysan5/raylib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.4
1.0.6
1.1.1
1.2.2
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.4-dev
1.9.7-dev
2.*
2.0.0
2.5.0
2.6.0
3.*
3.0.0
3.5.0
3.7.0
4.*
4.0.0
4.2.0
4.5.0
4.6-dev
5.*
5.0
5.5
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026-01-01"
}
]
}
]
vanir_signatures
[
{
"target": {
"function": "LoadFontData",
"file": "src/rtext.c"
},
"id": "CVE-2025-15533-05d02998",
"digest": {
"function_hash": "234469333386703523857927165168932325348",
"length": 3384.0
},
"source": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/rtext.c"
},
"id": "CVE-2025-15533-08153269",
"digest": {
"line_hashes": [
"332257193890744966421266547215807177755",
"69155136182134254974640663417851473280",
"53255552284342855521330384830423396404",
"82135624135239829001516267008426002024",
"147913653490708871360953052069682210993",
"187171658754174233657820797333401035340",
"2535815641054325530376181763151890285",
"149408708091834066723013942769178210272",
"62859044455939651782200933963596858122",
"131486697162642799079019230129460296213",
"238686409694605816825582341723282941646",
"228156470512688113567503060070558604679",
"257567488424114353946328242809205991731",
"136712349953632112137137025296133978707",
"276860857922939190157884323072188030822",
"16157231882590559801189920768438303654",
"52050982601172229907284802952912222231",
"315631060798723098329702554826932767726",
"201511853958977940773605360352656473499",
"188081470204997281143823320117578986043",
"238988064144760471881704204726844483966",
"91193683439524711667059389137104120152",
"158397199167085365075675736253606848385",
"19380465476333779530712608586491897474",
"318359799784021952918852448865519281972",
"137320951051540641656550138121906424824"
],
"threshold": 0.9
},
"source": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "GenImageFontAtlas",
"file": "src/rtext.c"
},
"id": "CVE-2025-15533-d1660dec",
"digest": {
"function_hash": "64547695484077864789327173104088640145",
"length": 4601.0
},
"source": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15533.json"